7.5

CVE-2005-0089

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version < 2.3.5
PythonPython Version2.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.22% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.trustix.org/errata/2005/0003/
Third Party Advisory
http://marc.info/?l=bugtraq&m=110746469728728&w=2
Third Party Advisory
Mailing List
http://python.org/security/PSF-2005-001/patch-2.2.txt
Patch
Broken Link
http://secunia.com/advisories/14128
Broken Link
http://securitytracker.com/id?1013083
Third Party Advisory
Broken Link
VDB Entry
http://www.debian.org/security/2005/dsa-666
Patch
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:035
Third Party Advisory
Broken Link
http://www.python.org/security/PSF-2005-001/
Patch
Vendor Advisory
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-108.html
Third Party Advisory
http://www.securityfocus.com/bid/12437
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/19217
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9811
Broken Link