vulnerability

Oracle Linux: CVE-2014-4650: ELSA-2015-1330: python security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Feb 20, 2020
Added
Oct 16, 2024
Modified
Dec 17, 2024

Description

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

Solution(s)

oracle-linux-upgrade-pythonoracle-linux-upgrade-python27oracle-linux-upgrade-python27-pythonoracle-linux-upgrade-python27-python-debugoracle-linux-upgrade-python27-python-develoracle-linux-upgrade-python27-python-libsoracle-linux-upgrade-python27-python-piporacle-linux-upgrade-python27-python-setuptoolsoracle-linux-upgrade-python27-python-simplejsonoracle-linux-upgrade-python27-python-testoracle-linux-upgrade-python27-python-toolsoracle-linux-upgrade-python27-python-wheeloracle-linux-upgrade-python27-runtimeoracle-linux-upgrade-python27-scldeveloracle-linux-upgrade-python27-tkinteroracle-linux-upgrade-python-debugoracle-linux-upgrade-python-develoracle-linux-upgrade-python-libsoracle-linux-upgrade-python-testoracle-linux-upgrade-python-toolsoracle-linux-upgrade-tkinter
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.