Linux Distros Unpatched Vulnerability : CVE-2020-28473

🗓️ 27 Aug 2025 00:00:00Reported by TenableType

Bottle versions up to 0.12.19 are vulnerable to web cache poisoning via parameter cloaking with semicolons.

Reporter	Title	Published	Views	Family All 45
IBM Security Bulletins	Security Bulletin: Vulnerability in bottle-0.12.16 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2020-28473]	18 Jul 202305:34	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in bottle-0.12.16 affects IBM Integrated Analytics System [CVE-2020-28473]	12 Jun 202308:15	–	ibm
AstraLinux	Astra Linux - уязвимость в python-bottle	20 May 202605:53	–	astralinux
Circl	CVE-2020-28473	18 Jan 202114:54	–	circl
CNNVD	Bottle Environmental Vulnerability	18 Jan 202100:00	–	cnnvd
CVE	CVE-2020-28473	18 Jan 202111:15	–	cve
Cvelist	CVE-2020-28473 Web Cache Poisoning	18 Jan 202111:15	–	cvelist
Debian	[SECURITY] [DLA 2531-1] python-bottle security update	24 Jan 202119:19	–	debian
Debian CVE	CVE-2020-28473	18 Jan 202111:15	–	debiancve
Tenable Nessus	Debian DLA-2531-1 : python-bottle security update	25 Jan 202100:00	–	nessus

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2020-28473
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(257562);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/27");

  script_cve_id("CVE-2020-28473");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-28473");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector
    called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can
    cause a difference in the interpretation of the request between the proxy (running with default
    configuration) and the server. This can result in malicious requests being cached as completely safe ones,
    as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a
    cache key of an unkeyed parameter. (CVE-2020-28473)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2020-28473");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-28473");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-bottle");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-22.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "python-bottle"}
        ]
      }
    ]
  },
  "Ubuntu Linux-22.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "22.04",
        "pkgs": [
          {"reference": "python-bottle"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

27 Aug 2025 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 25.8

CVSS 3.16.8

EPSS0.00244