Опубликовано: 06 фев. 2018
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 2.1
CVSS3: 5.5
Описание
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-apps/xenial | released | 2.12.3-1ubuntu0.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [code not present]] |
| precise/esm | DNE | |
| trusty | not-affected | code not present |
| trusty/esm | DNE | trusty was not-affected [code not present] |
Показывать по
10
EPSS
Процентиль: 60%
0.00392
Низкий
2.1 Low
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.5
nvd
около 8 лет назад
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957.
CVSS3: 5.5
debian
около 8 лет назад
web2py before 2.14.2 allows remote attackers to obtain the session_coo ...
EPSS
Процентиль: 60%
0.00392
Низкий
2.1 Low
CVSS2
5.5 Medium
CVSS3