PT-2008-1896 · Cherrypy · Cherrypy

Publicado

2008-01-12

Atualizado

2022-05-01

CVE-2008-0252

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions CherryPy versions 2.1 CherryPy versions 2.x CherryPy versions 3.0.x up to 3.0.2

Description A directory traversal issue in the get file path function allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie. This issue affects various components, including lib/sessions.py and filter/sessionfilter.py.

Recommendations For CherryPy version 2.1, update to a version that fixes the get file path function issue. For CherryPy version 2.x, update to a version that fixes the get file path function issue. For CherryPy versions 3.0.x up to 3.0.2, update to a version that fixes the get file path function issue.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2008-0252

DSA-1481-1

GHSA-76X8-GG39-5JJG

PYSEC-2008-3

Produtos afetados

Cherrypy

PT-2008-1896 · Cherrypy · Cherrypy

CVE-2008-0252

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35