75 matches found
Debian Security Advisory DSA 1481-1 (python-cherrypy)
The remote host is missing an update to python-cherrypy announced via advisory DSA 1481-1. OpenVAS Vulnerability Test $Id: deb14811.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1481-1 python-cherrypy Authors: Thomas Reinke Copyright: Copyright (c) 2008...
Debian: Security Advisory (DSA-1481-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
DSA-1481-1 python-cherrypy - missing input sanitising
Bulletin has no description...
GLSA-200801-11 : CherryPy: Directory traversal vulnerability
The remote host is affected by the vulnerability described in GLSA-200801-11 (CherryPy: Directory traversal vulnerability). CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession._get_file_path function before using it as part of the file name. Impact: A remote...
CherryPy: Directory traversal vulnerability
Background: CherryPy is a Python-based, object-oriented web development framework. Description: CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession._get_file_path function before using it as part of the file name. Impact: A remote attacker could exploit this...
rPSA-2008-0030-1 CherryPy
rPath Security Advisory: 2008-0030-1 Published: 2008-01-24 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: CherryPy=conary.rpath.com@rpl:1/2.2.1-4.1-1 rPath Issue Tracking System:...
CVE-2008-0252
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
Directory traversal
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
PYSEC-2008-3
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
DEBIAN-CVE-2008-0252
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
CVE-2008-0252
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
CVE-2008-0252
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
PYSEC-2008-3
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
CVE-2008-0252
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
CVE-2008-0252
CVE-2008-0252 describes a directory traversal vulnerability in CherryPy where the _get_file_path logic in lib/sessions.py (CherryPy 3.0.x up to 3.0.2) and in filter/sessionfilter.py for CherryPy 2.1/2.x can be bypassed by crafting a session cookie. This allows remote attackers to create or delete...
CVE-2008-0252
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
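CherryPy Cookie Session ID Information Disclosure Vulnerability
BUGTRAQ ID: 27181 CherryPy is an object-oriented HTTP framework written in Python. CherryPy has a vulnerability in its handling of cookie data that remote attackers may be able to exploit to access arbitrary files on the system. If a user supplies a malicious session ID via a cookie and the server is using file-based sessions, the application may reference files outside the session directory (with file names beginning with SESSIONPREFIX). cherrypy.org CherryPy 3.0.2 cherrypy.org CherryPy 2.1.1 cherrypy.org ------------ The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's home page:...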
[SECURITY] Fedora 7 Update: python-cherrypy-2.2.1-8.fc7
CherryPy allows developers to build web applications in much the same way they would build any other object-oriented Python program. This usually results in smaller source code developed in less time...
[SECURITY] Fedora 8 Update: python-cherrypy-2.2.1-8.fc8
CherryPy allows developers to build web applications in much the same way they would build any other object-oriented Python program. This usually results in smaller source code developed in less time...
Fedora 7 : python-cherrypy-2.2.1-8.fc7 (2008-0333)
Fixes a security issue with a backport from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...