Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2014-4650

Опубликовано: 20 фев. 2020
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 7.5
CVSS3: 9.8

Описание

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

РелизСтатусПримечание
devel

not-affected

2.7.10-2
esm-infra-legacy/trusty

not-affected

2.7.6-8ubuntu0.2
lucid

DNE

precise

released

2.7.3-0ubuntu3.8
saucy

ignored

end of life
trusty

released

2.7.6-8ubuntu0.2
trusty/esm

not-affected

2.7.6-8ubuntu0.2
upstream

needed

utopic

not-affected

2.7.8-10ubuntu1
vivid

not-affected

2.7.9-2ubuntu3

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

DNE

precise

released

3.2.3-0ubuntu3.7
saucy

DNE

trusty

DNE

trusty/esm

DNE

upstream

needed

utopic

DNE

vivid

DNE

Показывать по

РелизСтатусПримечание
devel

not-affected

3.4.1-6
esm-infra-legacy/trusty

not-affected

3.4.0-2ubuntu1.1
lucid

DNE

precise

DNE

saucy

DNE

trusty

released

3.4.0-2ubuntu1.1
trusty/esm

not-affected

3.4.0-2ubuntu1.1
upstream

needed

utopic

not-affected

3.4.1-6
vivid

not-affected

3.4.1-6

Показывать по

Ссылки на источники

EPSS

Процентиль: 93%
0.10304
Средний

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2014-4650

redhat
почти 11 лет назад

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

nvd логотип

CVE-2014-4650

CVSS3: 9.8
nvd
больше 5 лет назад

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

debian логотип

CVE-2014-4650

CVSS3: 9.8
debian
больше 5 лет назад

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly h ...

github логотип

GHSA-33c8-ggqv-8g5p

CVSS3: 9.8
github
около 3 лет назад

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

fstec логотип

BDU:2015-00666

fstec
почти 11 лет назад

Уязвимость программного обеспечения Python, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 93%
0.10304
Средний

7.5 High

CVSS2

9.8 Critical

CVSS3