vulnerability

Oracle Solaris 11: CVE-2019-9948: Vulnerability in Python 2.7, Python 3.4, Python 3.5, Python 3.7

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Mar 23, 2019
Added
Aug 21, 2019
Modified
Feb 17, 2022

Description

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

Solution(s)

oracle-solaris-11-3-upgrade-library-python-tkinter-27-2-7-16-0-175-3-36-0-26-0oracle-solaris-11-3-upgrade-library-python-tkinter-34-3-4-10-0-175-3-36-0-26-0oracle-solaris-11-3-upgrade-runtime-python-27-2-7-16-0-175-3-36-0-26-0oracle-solaris-11-3-upgrade-runtime-python-27-tests-2-7-16-0-175-3-36-0-26-0oracle-solaris-11-3-upgrade-runtime-python-34-3-4-10-0-175-3-36-0-26-0oracle-solaris-11-4-upgrade-library-python-tkinter-27-2-7-16-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-library-python-tkinter-34-3-4-10-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-library-python-tkinter-35-3-5-7-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-library-python-tkinter-37-3-7-4-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-27-2-7-16-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-27-tests-2-7-16-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-34-3-4-10-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-35-3-5-7-11-4-12-0-1-3-0oracle-solaris-11-4-upgrade-runtime-python-37-3-7-4-11-4-12-0-1-3-0
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.