13 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-28473
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate...
Security Bulletin: Vulnerability in bottle-0.12.16 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2020-28473]
Summary The bottle-0.12.16 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2020-28473. Vulnerability Details CVEID:CVE-2020-28473 DESCRIPTION: Bottle is vulnerable to HTTP response splitting attacks. A remote attacker...
Security Bulletin: Vulnerability in bottle-0.12.16 affects IBM Integrated Analytics System [CVE-2020-28473]
Summary The bottle-0.12.16 package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable vulnerabilityCVE-2020-28473. Vulnerability Details CVEID:CVE-2020-28473 DESCRIPTION: Bottle is vulnerable to HTTP response splitting attacks. A remote attack...
Ubuntu 18.04 LTS / 20.04 LTS : Bottle vulnerability (USN-5105-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5105-1 advisory. It was discovered that Bottle incorrectly handled certain inputs. An attacker could possibly use this issue to cache malicious requests. Tenable has...
Updated python-bottle packages fix security vulnerability
Updated python-bottle packages fix security vulnerability: python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the...
OESA-2021-1067 python-bottle security update
Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. Security Fixes: The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a...
openSUSE Security Update : python-bottle (openSUSE-2021-302)
This update for python-bottle fixes the following issues : - CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking bsc1182181. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks i...
OPENSUSE-SU-2021:0302-1 Security update for python-bottle
This update for python-bottle fixes the following issues: - CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking bsc1182181. This update was imported from the SUSE:SLE-15:Update update project...
Security update for python-bottle (important)
openSUSE Security Update: Security update for python-bottle Announcement ID: openSUSE-SU-2021:0302-1 Rating: important References: 1182181 Cross-References: CVE-2020-28473 CVSS scores: CVE-2020-28473 NVD : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2020-28473 SUSE: 6.8...
[SECURITY] [DLA 2531-1] python-bottle security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2531-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 24, 2021 https://wiki.debian.org/LTS -...
CVE-2020-28473 Web Cache Poisoning
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
CVE-2020-28473
CVE-2020-28473 affects the bottle Python package (versions before 0.12.19). The underlying issue is parameter cloaking: if an attacker uses semicolon to separate query parameters, the proxy and server may interpret the request differently, causing malicious requests to be cached as safe. This ena...
ait-core (>=2.0.0 <=2.3.5), ait-dsn (=2.0.0) +47 more potentially affected by CVE-2020-28473 via bottle (>=0.12.10 <=0.12.18)
bottle PYPI version =0.12.10, =2.0.0, =0.1.0, =0.11.0, =0.14.0, =0.1.0, =0.4.0, =0.11.0, =0.13.0 and more Source cves: CVE-2020-28473 Source advisory: SNYK:PYTHON-BOTTLE-1017108...