CVE-2014-3137

Published: 25 Oct 2014
Source: nvd
CVSS2: 6.8
EPSS: Low

Description

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:bottlepy:bottle:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.5:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.6:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.7:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.8:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.9:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.10:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.10.11:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.11.3:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.11.4:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.11.5:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.11.6:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.11.7:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.12.2:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.12.3:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.12.4:*:*:*:*:*:*:*
cpe:2.3:a:bottlepy:bottle:0.12.5:*:*:*:*:*:*:*

EPSS

Score: 0.0094 (percentile: 76%), Low

CVSS2

6.8 Medium

Weaknesses

CWE-20

Related vulnerabilities

ubuntu
more than 11 years ago

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.

debian
more than 11 years ago

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before ...

CVSS3: 9.8
github
more than 3 years ago

Bottle does not properly limit content-types