Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-0252
Last Modified 07 Mar 2011 10:04:12
Published 11 Jan 2008 09:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0252

Summary

Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.

Vulnerable Systems

Application

  • CherryPy 2.1.0

  • CherryPy 3.0.2


References

CONFIRM - http://www.cherrypy.org/changeset/1775

CONFIRM - http://www.cherrypy.org/changeset/1774

FEDORA - FEDORA-2008-0333

FEDORA - FEDORA-2008-0299

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=204829

VUPEN - ADV-2008-0039

CONFIRM - http://www.cherrypy.org/ticket/744

CONFIRM - http://www.cherrypy.org/changeset/1776

SECUNIA - 28354

SECUNIA - 28353

CONFIRM - https://issues.rpath.com/browse/RPL-2127

BID - 27181

BUGTRAQ - 20080124 rPSA-2008-0030-1 CherryPy

DEBIAN - DSA-1481

GENTOO - GLSA-200801-11

SECUNIA - 28769

SECUNIA - 28620

SECUNIA - 28611


Last Updated: 27 May 2016 10:46:44