14 matches found
MiracleLinux 9 : python-tornado-6.1.0-9.el9 (AXSA:2023-6669:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6669:02 advisory. python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations CVE-2023-28370 Tenable has extracted the preceding description...
python-tornado security update
6.1.0-9 - Fix an open redirect in StaticFileHandler Resolves: CVE-2023-28370...
ALSA-2023:6523 Moderate: python-tornado security update
Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations CVE-2023-28370 For more details...
Moderate: python-tornado security update
Tornado is a Python web framework and asynchronous networking library that provides an open source version of scalable, non-blocking web server and tools. Security Fixes: python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations CVE-2023-28370 For more details...
SUSE-SU-2023:3143-1 Security update for salt
This update for salt fixes the following issues: Security fixes: - CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations bsc1211741 Bug fixes: - Prevent error loading 'knownhosts' when '$HOME' is not set bsc1210994 - Fix ModuleNotFoundError and oth...
SUSE-SU-2023:3123-1 Security update for salt
This update for salt fixes the following issues: Security fixes: - CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations bsc1211741 Bug fixes: - Prevent error loading 'knownhosts' when '$HOME' is not set. bsc1210994 - Fix ModuleNotFoundError and...
CVE-2022-37109
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...
CVE-2022-37109
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...
Improper access control
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...
CVE-2022-37109
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when...
CVE-2022-37109
CVE-2022-37109 affects the "camp" Raspberry Pi camera server up to commit bbd53a256ed70e79bd8758080936afbf6d738767. The root cause is Incorrect Access Control: password.txt is served from the StaticFileHandler root and the 403 bypass persists, allowing access to password.txt. Additionally, the pa...
Mono System.Web StaticFileHandler.cs源码泄露漏洞
BUGTRAQ ID: 26166 CVECAN ID: CVE-2007-5473 Mono是基于.NET框架的开源开发平台,允许开发人员构建Linux和跨平台的应用。 运行在Windows平台上的Mono中StaticFileHandler.cs文件没有正确地处理某些用户请求,可能导致源码泄露。 如果请求中所使用的文件名以空格或句号结束的话,Win32子系统就无法正确地处理这样的文件名,会忽略拖尾字符,允许调用的应用程序打开磁盘上的文件,即使该文件的名称不包含有请求中所使用的拖尾字符。发送上述请求就会导致XSP返回所请求页面的源码。 Mono 1.x...
CVE-2007-5473
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing 1 space or 2 dot, which is not properly handled by XSP...
CVE-2007-5473
StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing 1 space or 2 dot, which is not properly handled by XSP...