8 matches found
CVE-2014-3137
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...
CVE-2014-3137
CVE-2014-3137 affects Bottle: 0.10.x prior to 0.10.12, 0.11.x prior to 0.11.7, and 0.12.x prior to 0.12.6. The issue is that the framework does not properly constrain accepted Content-Types, allowing an attacker to bypass access restrictions by sending an initial accepted Content-Type followed by...
Fedora 20 : python-bottle-0.12.6-1.fc20 (2014-8334)
resolves rhbz1093257 - JSON content type not restrictive enough Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additiona...
Fedora 19 : python-bottle-0.12.6-1.fc19 (2014-8328)
resolves rhbz1093257 - JSON content type not restrictive enough Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additiona...
[SECURITY] [DSA 2948-1] python-bottle security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2948-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...
Debian DSA-2948-1 : python-bottle - security update
It was discovered that Bottle, a WSGI-framework for Python, performed a too permissive detection of JSON content, resulting a potential bypass of security mechanisms. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
[SECURITY] [DSA 2948-1] python-bottle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2948-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2948-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...