5

CVE-2006-0847

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CherrypyCherrypy Version0.1
CherrypyCherrypy Version0.2
CherrypyCherrypy Version0.3
CherrypyCherrypy Version0.4
CherrypyCherrypy Version0.5
CherrypyCherrypy Version0.6
CherrypyCherrypy Version0.7
CherrypyCherrypy Version0.8
CherrypyCherrypy Version0.8_beta
CherrypyCherrypy Version0.9
CherrypyCherrypy Version0.9_beta
CherrypyCherrypy Version0.9_gamma
CherrypyCherrypy Version0.9_rc1
CherrypyCherrypy Version0.10
CherrypyCherrypy Version0.10_beta
CherrypyCherrypy Version0.10_rc1
CherrypyCherrypy Version2.0.0
CherrypyCherrypy Version2.0.0a1
CherrypyCherrypy Version2.1.0
CherrypyCherrypy Version2.1.0_beta
CherrypyCherrypy Version2.1.0_rc1
CherrypyCherrypy Version2.1.0_rc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.33% 0.813
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://groups.google.com/group/cherrypy-announce/browse_thread/thread/92b2972f774fe6df/2f63afc9433dc306#2f63afc9433dc306
Patch
http://secunia.com/advisories/18944
http://secunia.com/advisories/20344
http://sourceforge.net/project/shownotes.php?release_id=384316&group_id=56099
http://www.cherrypy.org/
http://www.gentoo.org/security/en/glsa/glsa-200605-16.xml
http://www.securityfocus.com/bid/16760
Patch
http://www.vupen.com/english/advisories/2006/0677
https://exchange.xforce.ibmcloud.com/vulnerabilities/24809