Vulnerabilities > CVE-2006-0847 - Directory Traversal vulnerability in CherryPy StaticFilter
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
Vulnerable Configurations
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200605-16.NASL description The remote host is affected by the vulnerability described in GLSA-200605-16 (CherryPy: Directory traversal vulnerability) Ivo van der Wijk discovered that the last seen 2020-06-01 modified 2020-06-02 plugin id 21614 published 2006-05-31 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21614 title GLSA-200605-16 : CherryPy: Directory traversal vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200605-16. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(21614); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-0847"); script_xref(name:"GLSA", value:"200605-16"); script_name(english:"GLSA-200605-16 : CherryPy: Directory traversal vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200605-16 (CherryPy: Directory traversal vulnerability) Ivo van der Wijk discovered that the 'staticfilter' component of CherryPy fails to sanitize input correctly. Impact : An attacker could exploit this flaw to obtain arbitrary files from the web server. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200605-16" ); script_set_attribute( attribute:"solution", value: "All CherryPy users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-python/cherrypy-2.1.1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cherrypy"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/31"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/01/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-python/cherrypy", unaffected:make_list("ge 2.1.1"), vulnerable:make_list("lt 2.1.1"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "CherryPy"); }NASL family CGI abuses NASL id CHERRYPY_STATICFILTER_DIR_TRAVERSAL.NASL description The remote host is running CherryPy, a web server powered by Python. The installed version of CherryPy fails to filter directory traversal sequences from requests that pass through its last seen 2020-06-01 modified 2020-06-02 plugin id 20961 published 2006-02-22 reporter This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20961 title CherryPy staticFilter Traversal Arbitrary File Access
References
- http://groups.google.com/group/cherrypy-announce/browse_thread/thread/92b2972f774fe6df/2f63afc9433dc306#2f63afc9433dc306
- http://secunia.com/advisories/18944
- http://secunia.com/advisories/20344
- http://sourceforge.net/project/shownotes.php?release_id=384316&group_id=56099
- http://www.cherrypy.org/
- http://www.gentoo.org/security/en/glsa/glsa-200605-16.xml
- http://www.securityfocus.com/bid/16760
- http://www.vupen.com/english/advisories/2006/0677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24809