JVN#13794955
Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal
Overview
Source code of Old_GSI_Maps prior to January, 2015 contains a directory traversal vulnerability.
Products Affected
- Old_GSI_Maps that was available through GitHub prior to May 25th, 2016
Description
kml2jsonp.php contained in source code of Old_GSI_Maps prior to January, 2015 provided by the Geospatial Information Authority of Japan (GSI) contains a directory traversal vulnerability (CWE-22).
Impact
When the product is used in Windows, a remote attacker may obtain arbitrary files from the server where the product is running.
Solution
Apply the update
Update kml2jsonp.php according to the information provided by the developer.
The developer recommends using "The source of GSI Maps", which is the source code of GSI_Maps currently being maintained by GSI.
Vendor Status
| Vendor | Link |
| Geospatial Information Authority of Japan (GSI) | Update to address vulnerability in source code of Old_GSI_Maps prior to January, 2015 |
| gsi-cyberjapan/legacy_old_gsimaps - GitHub | |
| gsi-cyberjapan/gsimaps - GitHub |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Shoji Baba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2016-4814 |
| JVN iPedia |
JVNDB-2016-000090 |