Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2021 Tenable Network Security, Inc.GENTOO_GLSA-200801-11.NASL
HistoryJan 29, 2008 - 12:00 a.m.

GLSA-200801-11 : CherryPy: Directory traversal vulnerability

2008-01-2900:00:00
This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.
www.tenable.com
40

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.9%

JSON

The remote host is affected by the vulnerability described in GLSA-200801-11 (CherryPy: Directory traversal vulnerability)

CherryPy does not sanitize the session id, provided as a cookie value,     in the FileSession._get_file_path() function before using it as part of     the file name.

Impact :

A remote attacker could exploit this vulnerability to read and possibly     write arbitrary files on the web server, or to hijack valid sessions,     by providing a specially crafted session id. This only affects     applications using file-based sessions.

Workaround :

Disable the 'FileSession' functionality by using 'PostgresqlSession' or     'RamSession' session management in your CherryPy application.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200801-11.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(30116);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2008-0252");
  script_bugtraq_id(27181);
  script_xref(name:"GLSA", value:"200801-11");

  script_name(english:"GLSA-200801-11 : CherryPy: Directory traversal vulnerability");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200801-11
(CherryPy: Directory traversal vulnerability)

    CherryPy does not sanitize the session id, provided as a cookie value,
    in the FileSession._get_file_path() function before using it as part of
    the file name.
  
Impact :

    A remote attacker could exploit this vulnerability to read and possibly
    write arbitrary files on the web server, or to hijack valid sessions,
    by providing a specially crafted session id. This only affects
    applications using file-based sessions.
  
Workaround :

    Disable the 'FileSession' functionality by using 'PostgresqlSession' or
    'RamSession' session management in your CherryPy application."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200801-11"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All CherryPy 2.2 users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=dev-python/cherrypy-2.2.1-r2'
    All CherryPy 3.0 users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=dev-python/cherrypy-3.0.2-r1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(22);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cherrypy");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-python/cherrypy", unaffected:make_list("rge 2.2.1-r2", "ge 3.0.2-r1"), vulnerable:make_list("lt 3.0.2-r1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "CherryPy");
}
VendorProductVersionCPE
gentoolinuxcherrypyp-cpe:/a:gentoo:linux:cherrypy
gentoolinuxcpe:/o:gentoo:linux

Related

gentoo 1
securityvulns 2
osv 3
openvas 8
ubuntucve 1
github 1
cve 1
cvelist 1
veracode 1
nessus 3
debian 1
prion 1
debiancve 1
redhatcve 1
nvd 1
gentoo
gentoo
CherryPy: Directory traversal vulnerability
2008-01-27 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2008-01-25 00:00:00
rPSA-2008-0030-1 CherryPy
2008-01-25 00:00:00
osv
osv
PYSEC-2008-3
2008-01-12 02:46:00
CherryPy Malicious cookies allow access to files outside the session directory
2022-05-01 23:28:42
python-cherrypy - missing input sanitising
2008-02-05 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200801-11 (cherrypy)
2008-09-24 00:00:00
Debian Security Advisory DSA 1481-1 (python-cherrypy)
2008-02-05 00:00:00
Fedora Update for python-cherrypy FEDORA-2008-0299
2009-02-17 00:00:00
ubuntucve
ubuntucve
CVE-2008-0252
2008-01-12 00:00:00
github
github
CherryPy Malicious cookies allow access to files outside the session directory
2022-05-01 23:28:42
cve
cve
CVE-2008-0252
2008-01-12 02:46:00
cvelist
cvelist
CVE-2008-0252
2008-01-12 02:00:00
veracode
veracode
Directory Traversal
2024-04-30 10:09:36
nessus
nessus
Fedora 7 : python-cherrypy-2.2.1-8.fc7 (2008-0333)
2008-01-07 00:00:00
Fedora 8 : python-cherrypy-2.2.1-8.fc8 (2008-0299)
2008-01-07 00:00:00
Debian DSA-1481-1 : python-cherrypy - missing input sanitising
2008-02-06 00:00:00
debian
debian
[SECURITY] [DSA 1481-1] New python-cherrypy packages fix denial of service
2008-02-05 17:19:44
prion
prion
Directory traversal
2008-01-12 02:46:00
debiancve
debiancve
CVE-2008-0252
2008-01-12 02:46:00
redhatcve
redhatcve
CVE-2008-0252
2019-10-04 21:37:59
nvd
nvd
CVE-2008-0252
2008-01-12 02:46:00

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.9%

JSON
Related for GENTOO_GLSA-200801-11.NASL
gentoo1securityvulns2osv3openvas8ubuntucve1github1cve1cvelist1veracode1nessus3debian1prion1debiancve1redhatcve1nvd1