Описание
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| web2py | removed | package | ||
| web2py | not-affected | jessie | package | |
| web2py | not-affected | wheezy | package |
EPSS
Процентиль: 60%
0.00392
Низкий
Связанные уязвимости
CVSS3: 5.5
ubuntu
около 8 лет назад
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.
CVSS3: 5.5
nvd
около 8 лет назад
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.
EPSS
Процентиль: 60%
0.00392
Низкий