Fedora 8 : python-cherrypy-2.2.1-8.fc8 (2008-0299)

Security issue fixed with a backport from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

GLSA-200605-16 : CherryPy: Directory traversal vulnerability

The remote host is affected by the vulnerability described in GLSA-200605-16 CherryPy: Directory traversal vulnerability Ivo van der Wijk discovered that the 'staticfilter' component of CherryPy fails to sanitize input correctly. Impact : An attacker could exploit this flaw to obtain arbitrary...

CherryPy: Directory traversal vulnerability

Background CherryPy is a Python-based, object-oriented web development framework. Description Ivo van der Wijk discovered that the "staticfilter" component of CherryPy fails to sanitize input correctly. Impact An attacker could exploit this flaw to obtain arbitrary files from the web server...

[Full-disclosure] [ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability

Gentoo Linux Security Advisory GLSA 200605-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

Directory traversal

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors...

CVE-2006-0847

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors...

PYSEC-2006-1

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors...

PYSEC-2006-1

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors...

CVE-2006-0847

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors...

CVE-2006-0847

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors...

CVE-2006-0847

CherryPy’s staticfilter component contains a directory traversal vulnerability (CVE-2006-0847) that allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors. Affected: CherryPy prior to 2.1.1. Impact: could expose arbitrary server files. Root cause: inadequate inp...

CVE-2006-0847

Removed by vendor...

CherryPy < 2.1.1 staticfilter Directory Traversal Arbitrary File Access

Binary data 3442.prm...

CherryPy staticFilter Traversal Arbitrary File Access

The remote host is running CherryPy, a web server powered by Python. The installed version of CherryPy fails to filter directory traversal sequences from requests that pass through its 'staticFilter' module. An attacker can exploit this issue to read arbitrary files on the remote host subject to...

[SA18944] CherryPy &quot;staticfilter&quot; Directory Traversal Vulnerability

TITLE: CherryPy "staticfilter" Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA18944 VERIFY ADVISORY: http://secunia.com/advisories/18944/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: CherryPy 2.x http://secunia.com/product/8195/...