CVE-2026-45104
NULL Pointer Dereference in MapServer SLD Processing
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mapserver | mapserver | From 6.4.0 (inc) to 8.6.3 (exc) |
| mapserver | mapserver | 8.6.3 |
| mapserver | mapserver | to 8.6.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in MapServer allows remote denial-of-service (DoS) attacks that can cause worker process crashes or full outages in affected environments. While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, availability disruptions caused by this vulnerability could impact compliance with regulations that require maintaining system availability and reliability.
Specifically, regulations like GDPR and HIPAA mandate ensuring the availability of systems processing personal or sensitive data. A denial-of-service condition resulting from this vulnerability could lead to service interruptions, potentially violating these availability requirements.
However, there is no direct information in the provided context or resources linking this vulnerability to data confidentiality or integrity breaches, which are also critical for compliance.
How can this vulnerability impact me?
The vulnerability results in a NULL pointer dereference, which can cause the MapServer application to crash or become unavailable.
The CVSS vector rates the impact on availability as high (A:H): an attacker can cause a denial-of-service (DoS) condition remotely and without authentication.
Can you explain this vulnerability to me?
This vulnerability exists in MapServer versions from 6.4.0 to before 8.6.3. The function msSLDParseUserStyle always calls _SLDApplyRuleValues on the assumption that a class has been added for any <Rule> containing <ElseFilter/>. However, if the rule has no symbolizer (which is still structurally valid), no class is added, so _SLDApplyRuleValues accesses an invalid index, leading to a NULL pointer dereference.
An attacker can trigger this vulnerability by sending a well-formed 200-byte SLD (Styled Layer Descriptor) via the WMS SLD_BODY= parameter without requiring any authentication.
This issue is fixed in MapServer version 8.6.3.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in MapServer version 8.6.3. Immediate mitigation involves upgrading your MapServer installation to version 8.6.3 or later.
Since the vulnerability can be triggered by a 200-byte well-formed SLD via the WMS SLD_BODY= parameter without authentication, restricting or filtering access to this parameter at the network or application level may help reduce exposure until the upgrade is applied.
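One way to filter the parameter at the application level until the upgrade is in place, written as an added example (not MapServer code and not part of the advisory): a check a proxy or WSGI layer could run on each WMS request, rejecting any SLD_BODY that contains a <Rule> with <ElseFilter/> and no symbolizer. The function names, the symbolizer list and the host maps.example.test are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit

# Symbolizer element names from the OGC SLD schema (assumption: this set covers
# the symbolizers your layers use; extend it if not).
SYMBOLIZERS = {"PointSymbolizer", "LineSymbolizer", "PolygonSymbolizer",
               "TextSymbolizer", "RasterSymbolizer"}

def _local(tag):
    """Strip an XML namespace prefix: '{uri}Rule' -> 'Rule'."""
    return tag.rsplit("}", 1)[-1]

def sld_is_suspect(sld_text):
    """Return True if this SLD should be rejected before it reaches MapServer."""
    if "<!DOCTYPE" in sld_text.upper():
        return True  # assumption: SLD bodies here never need a DTD
    try:
        root = ET.fromstring(sld_text)
    except ET.ParseError:
        return True  # fail closed on malformed XML
    for elem in root.iter():
        if _local(elem.tag) != "Rule":
            continue
        children = {_local(child.tag) for child in elem}
        if "ElseFilter" in children and not (children & SYMBOLIZERS):
            return True  # the rule shape described in the advisory
    return False

def request_is_suspect(url):
    """Inspect SLD_BODY in a WMS query string (parameter names are case-insensitive)."""
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key.upper() == "SLD_BODY" and sld_is_suspect(value):
            return True
    return False

if __name__ == "__main__":
    # Constructed sample requests; maps.example.test is a placeholder host.
    sld = ("<StyledLayerDescriptor><UserStyle><FeatureTypeStyle><Rule>"
           "<ElseFilter/></Rule></FeatureTypeStyle></UserStyle>"
           "</StyledLayerDescriptor>")
    for body in (sld, sld.replace("<ElseFilter/>", "<ElseFilter/><LineSymbolizer/>")):
        url = "https://maps.example.test/wms?" + urlencode(
            {"SERVICE": "WMS", "REQUEST": "GetMap", "SLD_BODY": body})
        print(request_is_suspect(url))
```

Because a symbolizer-less rule is structurally valid SLD, this filter also blocks that rare legitimate form, and it only inspects SLD_BODY in the query string.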
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted SLD payload via the WMS SLD_BODY parameter to the MapServer instance and observing if it causes a crash or denial of service.
A practical detection method is to send a well-formed SLD XML payload of about 200 bytes containing an <ElseFilter/> rule with no symbolizer to the vulnerable WMS GetMap endpoint and check for process crashes or service outages.
Example command using curl to test the vulnerability (replace <URL> with your MapServer WMS endpoint):
- curl -X GET "<URL>?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap&LAYERS=layername&STYLES=&SLD_BODY=<StyledLayerDescriptor><UserStyle><FeatureTypeStyle><Rule><ElseFilter/></Rule></FeatureTypeStyle></UserStyle></StyledLayerDescriptor>"
Monitor the MapServer process or service logs for crashes or segmentation faults after sending this request.