Vulnerabilities > CVE-2014-4650 - Path Traversal vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
python
redhat
CWE-22
critical
nessus
exploit available

Summary

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Exploit-Db

descriptionPython CGIHTTPServer Encoded Path Traversal. CVE-2014-4650. Webapps exploits for multiple platform
idEDB-ID:33894
last seen2016-02-03
modified2014-06-27
published2014-06-27
reporterRedTeam Pentesting
sourcehttps://www.exploit-db.com/download/33894/
titlePython CGIHTTPServer Encoded Path Traversal

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1330.NASL
    descriptionFrom Red Hat Security Advisory 2015:1330 : Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) These updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal : https://access.redhat.com/articles/1495363 All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.
    last seen2020-03-18
    modified2015-07-30
    plugin id85099
    published2015-07-30
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85099
    titleOracle Linux 6 : python (ELSA-2015-1330)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-504.NASL
    descriptionThis python update fixes the following security and non security issues : - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - remove link count optimizations that are incorrect on btrfs (and possibly other filesystems)
    last seen2020-06-05
    modified2014-08-21
    plugin id77293
    published2014-08-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77293
    titleopenSUSE Security Update : python (openSUSE-SU-2014:1046-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-506.NASL
    descriptionThis python3 update fixes the following security and non security issues : - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - fix import_failed hook file names
    last seen2020-06-05
    modified2014-08-21
    plugin id77295
    published2014-08-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77295
    titleopenSUSE Security Update : python3 (openSUSE-SU-2014:1042-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-1330.NASL
    descriptionUpdated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) These updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal : https://access.redhat.com/articles/1495363 All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.
    last seen2020-06-01
    modified2020-06-02
    plugin id85012
    published2015-07-28
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85012
    titleCentOS 6 : python (CESA-2015:1330)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2653-1.NASL
    descriptionIt was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752) It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. (CVE-2013-1753) It was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616) It was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650) It was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2015-06-26
    plugin id84428
    published2015-06-26
    reporterUbuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84428
    titleUbuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-2101.NASL
    descriptionFrom Red Hat Security Advisory 2015:2101 : Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs : * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an
    last seen2020-03-18
    modified2015-11-24
    plugin id87020
    published2015-11-24
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87020
    titleOracle Linux 7 : python (ELSA-2015-2101)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-621.NASL
    descriptionAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.
    last seen2020-03-17
    modified2015-12-15
    plugin id87347
    published2015-12-15
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87347
    titleAmazon Linux AMI : python26 (ALAS-2015-621)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-14266.NASL
    descriptionFix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-11-24
    plugin id79392
    published2014-11-24
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79392
    titleFedora 19 : python-2.7.5-15.fc19 (2014-14266)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20151119_PYTHON_ON_SL7_X.NASL
    descriptionIt was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) This update also fixes the following bugs : - Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an
    last seen2020-03-18
    modified2015-12-22
    plugin id87570
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87570
    titleScientific Linux Security Update : python on SL7.x x86_64 (20151119)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150722_PYTHON_ON_SL6_X.NASL
    descriptionIt was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)
    last seen2020-03-18
    modified2015-08-04
    plugin id85206
    published2015-08-04
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85206
    titleScientific Linux Security Update : python on SL6.x i386/x86_64 (20150722)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-075.NASL
    descriptionUpdated python packages fix security vulnerabilities : A vulnerability was reported in Python
    last seen2020-06-01
    modified2020-06-02
    plugin id82328
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82328
    titleMandriva Linux Security Advisory : python (MDVSA-2015:075)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1330.NASL
    descriptionUpdated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) These updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal : https://access.redhat.com/articles/1495363 All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.
    last seen2020-03-18
    modified2015-07-23
    plugin id84938
    published2015-07-23
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84938
    titleRHEL 6 : python (RHSA-2015:1330)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-2101.NASL
    descriptionUpdated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs : * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an
    last seen2020-03-17
    modified2015-12-02
    plugin id87129
    published2015-12-02
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87129
    titleCentOS 7 : python (CESA-2015:2101)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2101.NASL
    descriptionUpdated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs : * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an
    last seen2020-03-18
    modified2015-11-20
    plugin id86968
    published2015-11-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86968
    titleRHEL 7 : python (RHSA-2015:2101)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-517.NASL
    descriptionThis python3 update fixes the following security and non security issues : - CGIHTTPServer filedisclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - DoS on ssl.match_hostname via a crafted certificate with too many wildcards (CVE-2013-2099, bnc#886001) - fix import_failed hook file names
    last seen2020-06-05
    modified2014-08-29
    plugin id77431
    published2014-08-29
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77431
    titleopenSUSE Security Update : python3 (openSUSE-SU-2014:1070-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_PYTHON-201408-140728.NASL
    descriptionThis update for Python provides fixes for the following issues : - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters. (CVE-2014-4650) - The
    last seen2020-06-05
    modified2014-08-13
    plugin id77180
    published2014-08-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77180
    titleSuSE 11.3 Security Update : Python (SAT Patch Number 9581)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-440.NASL
    descriptionIt was discovered that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs which may enable attackers to disclose a CGI script
    last seen2020-03-17
    modified2014-11-06
    plugin id78873
    published2014-11-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78873
    titleAmazon Linux AMI : python27 (ALAS-2014-440)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-14227.NASL
    descriptionFix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-11-10
    plugin id79075
    published2014-11-10
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79075
    titleFedora 20 : python-2.7.5-15.fc20 (2014-14227)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-14208.NASL
    descriptionFix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Fix for CVE-2014-4650 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-11-11
    plugin id79095
    published2014-11-11
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79095
    titleFedora 21 : python3-3.4.1-16.fc21 (2014-14208)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-14257.NASL
    descriptionFix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Fix for CVE-2014-4650 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-11-14
    plugin id79238
    published2014-11-14
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79238
    titleFedora 19 : python3-3.3.2-10.fc19 (2014-14257)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0234-1.NASL
    descriptionThis update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133259
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133259
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0114-1.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133036
    published2020-01-17
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133036
    titleSUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-505.NASL
    descriptionThis python update fixes the following security and no security issues : - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - remove link count optimizations that are incorrect on btrfs (and possibly other filesystems)
    last seen2020-06-05
    modified2014-08-21
    plugin id77294
    published2014-08-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77294
    titleopenSUSE Security Update : python (openSUSE-SU-2014:1041-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-86.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id133172
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133172
    titleopenSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-997.NASL
    descriptionThis update for python3 fixes the following issues : - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header (fixes boo#989523, CVE-2016-1000110) - update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751, CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348, CVE-2016-5699) - Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856 - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header: (fixes boo#989523, CVE-2016-1000110)
    last seen2020-06-05
    modified2016-08-22
    plugin id93069
    published2016-08-22
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93069
    titleopenSUSE Security Update : python3 (openSUSE-2016-997) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1344-1.NASL
    descriptionThis update to python 2.7.9 fixes the following issues : - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64 From the version update to 2.7.9 : - contains full backport of ssl module from Python 3.4 (PEP466) - HTTPS certificate validation enabled by default (PEP476) - SSLv3 disabled by default (bnc#901715) - backported ensurepip module (PEP477) - fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don
    last seen2020-03-18
    modified2015-08-06
    plugin id85250
    published2015-08-06
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85250
    titleSUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-076.NASL
    descriptionUpdated python3 packages fix security vulnerabilities : ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips (CVE-2013-7338). A vulnerability was reported in Python
    last seen2020-06-01
    modified2020-06-02
    plugin id82329
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82329
    titleMandriva Linux Security Advisory : python3 (MDVSA-2015:076)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-14245.NASL
    descriptionFix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Fix for CVE-2014-4650 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-11-10
    plugin id79076
    published2014-11-10
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79076
    titleFedora 20 : python3-3.3.2-18.fc20 (2014-14245)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/127241/rt-sa-2014-008.txt
idPACKETSTORM:127241
last seen2016-12-05
published2014-06-27
reporterredteam-pentesting.de
sourcehttps://packetstormsecurity.com/files/127241/Python-CGIHTTPServer-File-Disclosure-Code-Execution.html
titlePython CGIHTTPServer File Disclosure / Code Execution

Redhat

advisories
rhsa
idRed Hat
rpms
  • python27-0:1.1-17.el6
  • python27-0:1.1-20.el7
  • python27-python-0:2.7.8-3.el6
  • python27-python-0:2.7.8-3.el7
  • python27-python-debug-0:2.7.8-3.el6
  • python27-python-debug-0:2.7.8-3.el7
  • python27-python-debuginfo-0:2.7.8-3.el6
  • python27-python-debuginfo-0:2.7.8-3.el7
  • python27-python-devel-0:2.7.8-3.el6
  • python27-python-devel-0:2.7.8-3.el7
  • python27-python-libs-0:2.7.8-3.el6
  • python27-python-libs-0:2.7.8-3.el7
  • python27-python-pip-0:1.5.6-5.el6
  • python27-python-pip-0:1.5.6-5.el7
  • python27-python-setuptools-0:0.9.8-3.el6
  • python27-python-setuptools-0:0.9.8-5.el7
  • python27-python-simplejson-0:3.2.0-2.el6
  • python27-python-simplejson-0:3.2.0-3.el7
  • python27-python-simplejson-debuginfo-0:3.2.0-2.el6
  • python27-python-simplejson-debuginfo-0:3.2.0-3.el7
  • python27-python-test-0:2.7.8-3.el6
  • python27-python-test-0:2.7.8-3.el7
  • python27-python-tools-0:2.7.8-3.el6
  • python27-python-tools-0:2.7.8-3.el7
  • python27-python-wheel-0:0.24.0-2.el6
  • python27-python-wheel-0:0.24.0-2.el7
  • python27-runtime-0:1.1-17.el6
  • python27-runtime-0:1.1-20.el7
  • python27-scldevel-0:1.1-17.el6
  • python27-scldevel-0:1.1-20.el7
  • python27-tkinter-0:2.7.8-3.el6
  • python27-tkinter-0:2.7.8-3.el7
  • python-0:2.6.6-64.el6
  • python-debuginfo-0:2.6.6-64.el6
  • python-devel-0:2.6.6-64.el6
  • python-libs-0:2.6.6-64.el6
  • python-test-0:2.6.6-64.el6
  • python-tools-0:2.6.6-64.el6
  • tkinter-0:2.6.6-64.el6
  • python-0:2.7.5-34.el7
  • python-debug-0:2.7.5-34.el7
  • python-debuginfo-0:2.7.5-34.el7
  • python-devel-0:2.7.5-34.el7
  • python-libs-0:2.7.5-34.el7
  • python-test-0:2.7.5-34.el7
  • python-tools-0:2.7.5-34.el7
  • tkinter-0:2.7.5-34.el7