[python-cherrypy] [CVE-2008-0252] missing input sanitising, remote vulnerability
Bug #191198 reported by
disabled.user
This bug report is a duplicate of:
Bug #187481: [CVE-2008-0252] Directory traversal vulnerability allows modification of arbitrary files.
Edit
Remove
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| python-cherrypy (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Dapper |
Confirmed
|
Undecided
|
Unassigned | ||
| Edgy |
Confirmed
|
Undecided
|
Unassigned | ||
| Feisty |
Confirmed
|
Undecided
|
Unassigned | ||
| Gutsy |
Confirmed
|
Undecided
|
Unassigned | ||
| Hardy |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: python-cherrypy
References:
DSA-1481-1 (http://
Quoting:
"It was discovered that a directory traversal vulnerability in CherryPy,
a pythonic, object-oriented web development framework may lead to denial
of service by deleting files through malicious session IDs in cookies."
CVE References
| Changed in python-cherrypy: | |
| status: | New → Confirmed |
| status: | New → Confirmed |
| status: | New → Confirmed |
| status: | New → Confirmed |
| status: | New → Fix Released |
Revision history for this message
| Lars Friedrichs (l-friedrichs) wrote | #1 |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #2 |
To post a comment you must log in.
Hi,
I tried to backport the patch to feisty. I hope everything is correct as this is my first security fix.
Please let me know if things are allright.
Bye
Lars