Lucene search
+L

183 matches found

OSV
OSV
added 2021/04/07 9:5 p.m.5 views

GHSA-QHX9-7HX7-CP4R bottle HTTP Request smuggling

The package bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with default...

6.8CVSS5.9AI score0.01837EPSS
Exploits1References8
OSV
OSV
added 2021/04/02 8:25 p.m.6 views

MGASA-2021-0171 Updated python-bottle packages fix security vulnerability

Updated python-bottle packages fix security vulnerability: python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the...

6.8CVSS6.5AI score0.01837EPSS
Exploits1References3
Mageia
Mageia
added 2021/04/02 8:25 p.m.25 views

Updated python-bottle packages fix security vulnerability

Updated python-bottle packages fix security vulnerability: python-bottle before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the...

6.8CVSS2.1AI score0.01837EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/03/09 12:0 a.m.8 views

The vulnerability of the WSGI Micro-Framework configuration, Bottle, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the WSGI Micro-Framework “Bottle” is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9CVSS6.7AI score0.01837EPSS
Exploits1References8Affected Software6
OSV
OSV
added 2021/03/05 11:2 a.m.4 views

OESA-2021-1067 python-bottle security update

Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. Security Fixes: The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a...

6.8CVSS6.9AI score0.01837EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/02/22 12:0 a.m.36 views

openSUSE Security Update : python-bottle (openSUSE-2021-302)

This update for python-bottle fixes the following issues : - CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking bsc1182181. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks i...

6.8CVSS6.4AI score0.01837EPSS
Exploits1References2
OSV
OSV
added 2021/02/16 3:21 p.m.7 views

OPENSUSE-SU-2021:0302-1 Security update for python-bottle

This update for python-bottle fixes the following issues: - CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking bsc1182181. This update was imported from the SUSE:SLE-15:Update update project...

6.8CVSS6.9AI score0.01837EPSS
Exploits1References3
OSV
OSV
added 2021/02/16 9:4 a.m.7 views

SUSE-SU-2021:0483-1 Security update for python-bottle

This update for python-bottle fixes the following issues: - CVE-2020-28473: Fixed Web Cache Poisoning vulnerability using parameter cloaking bsc1182181...

6.8CVSS6.6AI score0.01837EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/02/16 12:0 a.m.30 views

Security update for python-bottle (important)

openSUSE Security Update: Security update for python-bottle Announcement ID: openSUSE-SU-2021:0302-1 Rating: important References: 1182181 Cross-References: CVE-2020-28473 CVSS scores: CVE-2020-28473 NVD : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2020-28473 SUSE: 6.8...

6.8CVSS6.6AI score0.01837EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2021/02/09 12:50 p.m.21 views

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS2.8AI score0.01837EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.27 views

Debian DLA-2531-1 : python-bottle security update

The package src:python-bottle before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.3AI score0.01837EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/01/25 12:0 a.m.11 views

Debian: Security Advisory (DLA-2531-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.6AI score0.01837EPSS
Exploits1References4
Debian
Debian
added 2021/01/24 7:19 p.m.97 views

[SECURITY] [DLA 2531-1] python-bottle security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2531-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 24, 2021 https://wiki.debian.org/LTS -...

6.8CVSS6.4AI score0.01837EPSS
Exploits1
OSV
OSV
added 2021/01/24 12:0 a.m.18 views

DLA-2531-1 python-bottle - security update

Bulletin has no description...

6.8CVSS6.4AI score0.01837EPSS
Exploits1
Veracode
Veracode
added 2021/01/19 1:45 a.m.19 views

HTTP Request Smuggling

bottle is vulnerable to HTTP request smuggling. An attacker is able to send a malicious request containing a separate query parameter using a semicolon ;, resulting in unexpected interpretations of the request between the proxy and the server, and potentially poisoning the web cache...

6.8CVSS0.8AI score0.01837EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2021/01/18 12:15 p.m.20 views

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.3AI score0.01837EPSS
Exploits1References4
OSV
OSV
added 2021/01/18 12:15 p.m.5 views

DEBIAN-CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.4AI score0.01837EPSS
Exploits1References1
PyPA
PyPA
added 2021/01/18 12:15 p.m.10 views

PYSEC-2021-129

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.9AI score0.01837EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2021/01/18 12:15 p.m.33 views

CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS6.7AI score0.01837EPSS
Exploits1References5
OSV
OSV
added 2021/01/18 12:15 p.m.4 views

UBUNTU-CVE-2020-28473

The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...

6.8CVSS5.8AI score0.01837EPSS
Exploits1References6
Rows per page
Query Builder