
8 matches found

OSV
added 2014/10/25 10:55 p.m., 5 views

CVE-2014-3137

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; semi-colon and a Content-Type that would not be accepted, as...

7.2 AI score
Exploits: 0, References: 5
CVE
added 2014/10/25 10:0 p.m., 60 views

CVE-2014-3137

CVE-2014-3137 affects Bottle: 0.10.x prior to 0.10.12, 0.11.x prior to 0.11.7, and 0.12.x prior to 0.12.6. The issue is that the framework does not properly constrain accepted Content-Types, allowing an attacker to bypass access restrictions by sending an initial accepted Content-Type followed by...

6.8 CVSS, 7.3 AI score, 0.03101 EPSS
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2014/08/15 12:0 a.m., 21 views

Fedora 20 : python-bottle-0.12.6-1.fc20 (2014-8334)

resolves rhbz1093257 - JSON content type not restrictive enough Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additiona...

6.8 CVSS, 5.3 AI score, 0.03101 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2014/08/15 12:0 a.m., 23 views

Fedora 19 : python-bottle-0.12.6-1.fc19 (2014-8328)

resolves rhbz1093257 - JSON content type not restrictive enough Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additiona...

6.8 CVSS, 5.3 AI score, 0.03101 EPSS
Exploits: 0, References: 3
securityvulns
added 2014/06/14 12:0 a.m., 58 views

[SECURITY] [DSA 2948-1] python-bottle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2948-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...

6.8 CVSS, 1.5 AI score, 0.03101 EPSS
Exploits: 0
Tenable Nessus
added 2014/06/05 12:0 a.m., 22 views

Debian DSA-2948-1 : python-bottle - security update

It was discovered that Bottle, a WSGI-framework for Python, performed a too permissive detection of JSON content, resulting in a potential bypass of security mechanisms. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

6.8 CVSS, 5.3 AI score, 0.03101 EPSS
Exploits: 0, References: 3
Debian
added 2014/06/04 3:59 p.m., 21 views

[SECURITY] [DSA 2948-1] python-bottle security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2948-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...

6.8 CVSS, 5.8 AI score, 0.03101 EPSS
Exploits: 0
OpenVAS
added 2014/06/03 12:0 a.m., 28 views

Debian: Security Advisory (DSA-2948-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS, 6.5 AI score, 0.03101 EPSS
Exploits: 0, References: 3