vulnerability
Ubuntu: USN-4030-1 (CVE-2016-10321): web2py vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Apr 10, 2017 | Jun 22, 2019 | May 5, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Apr 10, 2017
Added
Jun 22, 2019
Modified
May 5, 2025
Description
It was discovered that web2py does not properly check denied hosts before
verifying passwords. An attacker could possibly use this issue to perform
brute-force attacks. (CVE-2016-10321)
It was discovered that web2py allows remote attackers to obtain
environment variable values. An attacker could possibly use this issue to
gain administrative access. (CVE-2016-3952)
It was discovered that web2py uses a hardcoded encryption key. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2016-3953, CVE-2016-3954, CVE-2016-3957)
Solutions
ubuntu-upgrade-python-gluonubuntu-upgrade-python-web2py
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.