84 matches found
openSUSE Security Update : python3 (openSUSE-SU-2014:1070-1)
This python3 update fixes the following security and non-security issues: - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc885882) - DoS on ssl.match_hostname via a crafted certificate with too many wildcards (CVE-2013-2099, bnc886001) - fix...
openSUSE Security Update : python (openSUSE-SU-2014:1046-1)
This python update fixes the following security and non-security issues: - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc885882) - remove link count optimizations that are incorrect on btrfs and possibly other filesystems...
openSUSE Security Update : python (openSUSE-SU-2014:1041-1)
This python update fixes the following security and non-security issues: - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc885882) - remove link count optimizations that are incorrect on btrfs and possibly other filesystems...
openSUSE Security Update : python3 (openSUSE-SU-2014:1042-1)
This python3 update fixes the following security and non-security issues: - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc885882) - fix import_failed hook file names...
SuSE 11.3 Security Update : Python (SAT Patch Number 9581)
This update for Python provides fixes for the following issues: - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. CVE-2014-4650 - The 'urlparse' module has been updated to correctly parse IPv6 addresses. bnc872848 - Correctly enable IPv6 support...
python security vulnerabilities
json information leak, CGIHTTPServer unauthorized files access and code execution, lz4 integer overflow...
[oss-security] CVE ID Request for Python CGIHTTPServer File Disclosure
Hi, I would like to request a CVE ID for a file disclosure vulnerability in the Python CGIHTTPServer class. Current details are available in the Python bug tracker: http://bugs.python.org/issue21766 Kind Regards Till -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49...
Updated python & python3 packages fix two vulnerabilities
Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value tha...
Python CGIHTTPServer Encoded Path Traversal
No description provided by source...
Python CGIHTTPServer Encoded Path Traversal Vulnerability
The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root. The CGIHTTPServer Python module does not properly handle URL-encoded path...
Python CGIHTTPServer - Encoded Directory Traversal
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...
Python CGIHTTPServer - Encoded Directory Traversal
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute...
Python CGIHTTPServer File Disclosure / Code Execution
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...
PT-2014-1704 · Python +5
Name of the Vulnerable Software and Affected Versions: Python versions 2.7.5 and 3.3.4 Description: The issue arises from the CGIHTTPServer module's improper handling of URL-encoded path separators in URLs. This allows remote attackers to read script source code, conduct directory traversal...
SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)
This update to python 2.6.8 fixes the following bugs, among others: - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...
Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)
USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit thi...
Ubuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1)
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...
USN-1613-2: Python 2.4 vulnerabilities
USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. Original advisory details: It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working...
USN-1613-1: Python 2.5 vulnerabilities
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...
USN-1596-1: Python 2.6 vulnerabilities
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...