7.5

CVE-2005-0089

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

Data is provided by the National Vulnerability Database (NVD)
PythonPython Version < 2.3.5
PythonPython Version2.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 9.11% 0.924
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
http://marc.info/?l=bugtraq&m=110746469728728&w=2
Third Party Advisory
Mailing List
http://securitytracker.com/id?1013083
Third Party Advisory
Broken Link
VDB Entry
http://www.python.org/security/PSF-2005-001/
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/12437
Third Party Advisory
VDB Entry