Apache mod_python information leak

If used in output filter mode, large output can lead to content of freed memory is leaked...

[USN-430-1] mod_python vulnerability

=========================================================== Ubuntu Security Notice USN-430-1 March 06, 2007 libapache2-mod-python vulnerability CVE-2004-2680 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06...

USN-430-1: mod_python vulnerability

Miles Egan discovered that modpython, when used in output filter mode, did not handle output larger than 16384 bytes, and would display freed memory, possibly disclosing private data. Thanks to Jim Garrison of the Software Freedom Law Center for identifying the original bug as a security...

CVE-2004-2680

modpython libapache2-mod-python 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory...

CVE-2004-2680

CVE-2004-2680 affects mod_python (libapache2-mod-python) 3.1.4 and earlier. The root cause is improper handling of output filters when processing more than 16,384 bytes, causing filter.read to return portions of previously freed memory. Practical impact is a potential data exposure and instabilit...

CVE-2004-2680

modpython libapache2-mod-python 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory...

Directory traversal

Directory traversal vulnerability in the FileSession object in Modpython module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie...

CVE-2006-1095

Directory traversal vulnerability in the FileSession object in Modpython module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie...

CVE-2006-1095

Directory traversal vulnerability in the FileSession object in Modpython module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie...

CVE-2006-1095

The CVE-2006-1095 entry applies to Apache’s mod_python (FileSession object) and 3.2.7, where a directory traversal via a crafted session cookie can allow local code execution. Affected component: mod_python 3.2.7 for Apache (FileSession). Root cause: directory traversal in session handling. Impac...

Apache mod_python < 3.2.8 Remote Command Execution

Binary data 3453.prm...

Apache mod_python Handle Abuse Vulnerability

Apache modpython is prone to a handle abuse vulnerability. SPDX-FileCopyrightText: 2002 Thomas Reinke Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:modpython";...

mod_python handle abuse

The remote host is using the Apache modpython module which is version 2.7.6 or older. These versions allow a module which is indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module...

FreeBSD : mod_python -- information leakage vulnerability (5192e7ca-7d4f-11d9-a9e7-0001020eed82)

Mark J Cox reports : Graham Dumpleton discovered a flaw which can affect anyone using the publisher handle of the Apache Software Foundation modpython. The publisher handle lets you publish objects inside modules to make them callable via URL. The flaw allows a carefully crafted URL to obtain ext...

CVE-2005-0088

The publisher handler for modpython 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL...

DEBIAN-CVE-2005-0088

The publisher handler for modpython 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL...

CVE-2005-0088

The publisher handler for modpython 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL...

[SECURITY] [DSA 689-1] New mod_python packages fix information leak

-------------------------------------------------------------------------- Debian Security Advisory DSA 689-1 [email protected] http://www.debian.org/security/ Martin Schulze February 23rd, 2005 http://www.debian.org/security/faq -...

RHEL 4 : mod_python (RHSA-2005:100)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2005:100 advisory. Modpython is a module that embeds the Python language interpreter within the Apache web server, allowing handlers to be written in Python. Graham...

mod_python vulnerable to information disclosure via crafted URL

Overview The Apache modpython module is vulnerable to unintended remote information disclosure using specially crafted URLs. Description From the modpython web page:Modpython is an Apache module that embeds the Python interpreter within the server. With modpython you can write web-based...