Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via .. sequences in unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cherrypy | Cherrypy | 0.1 (including) | 0.1 (including) |
| Cherrypy | Cherrypy | 0.2 (including) | 0.2 (including) |
| Cherrypy | Cherrypy | 0.3 (including) | 0.3 (including) |
| Cherrypy | Cherrypy | 0.4 (including) | 0.4 (including) |
| Cherrypy | Cherrypy | 0.5 (including) | 0.5 (including) |
| Cherrypy | Cherrypy | 0.6 (including) | 0.6 (including) |
| Cherrypy | Cherrypy | 0.7 (including) | 0.7 (including) |
| Cherrypy | Cherrypy | 0.8 (including) | 0.8 (including) |
| Cherrypy | Cherrypy | 0.8_beta (including) | 0.8_beta (including) |
| Cherrypy | Cherrypy | 0.9 (including) | 0.9 (including) |
| Cherrypy | Cherrypy | 0.9_beta (including) | 0.9_beta (including) |
| Cherrypy | Cherrypy | 0.9_gamma (including) | 0.9_gamma (including) |
| Cherrypy | Cherrypy | 0.9_rc1 (including) | 0.9_rc1 (including) |
| Cherrypy | Cherrypy | 0.10 (including) | 0.10 (including) |
| Cherrypy | Cherrypy | 0.10_beta (including) | 0.10_beta (including) |
| Cherrypy | Cherrypy | 0.10_rc1 (including) | 0.10_rc1 (including) |
| Cherrypy | Cherrypy | 2.0.0 (including) | 2.0.0 (including) |
| Cherrypy | Cherrypy | 2.0.0a1 (including) | 2.0.0a1 (including) |
| Cherrypy | Cherrypy | 2.1.0 (including) | 2.1.0 (including) |
| Cherrypy | Cherrypy | 2.1.0_beta (including) | 2.1.0_beta (including) |
| Cherrypy | Cherrypy | 2.1.0_rc1 (including) | 2.1.0_rc1 (including) |
| Cherrypy | Cherrypy | 2.1.0_rc2 (including) | 2.1.0_rc2 (including) |
| Cherrypy3 | Ubuntu | devel | * |
| Cherrypy3 | Ubuntu | gutsy | * |
| Cherrypy3 | Ubuntu | hardy | * |
| Cherrypy3 | Ubuntu | intrepid | * |
| Cherrypy3 | Ubuntu | jaunty | * |
| Cherrypy3 | Ubuntu | karmic | * |
| Python-cherrypy | Ubuntu | dapper | * |
| Python-cherrypy | Ubuntu | devel | * |
| Python-cherrypy | Ubuntu | edgy | * |
| Python-cherrypy | Ubuntu | feisty | * |
| Python-cherrypy | Ubuntu | gutsy | * |
| Python-cherrypy | Ubuntu | hardy | * |
| Python-cherrypy | Ubuntu | intrepid | * |
| Python-cherrypy | Ubuntu | jaunty | * |
| Python-cherrypy | Ubuntu | karmic | * |
References
- http://groups.google.com/group/cherrypy-announce/browse_thread/thread/92b2972f774fe6df/2f63afc9433dc306#2f63afc9433dc306
- http://secunia.com/advisories/18944
- http://secunia.com/advisories/20344
- http://sourceforge.net/project/shownotes.php?release_id=384316\u0026group_id=56099
- http://www.cherrypy.org/
- http://www.gentoo.org/security/en/glsa/glsa-200605-16.xml
- http://www.securityfocus.com/bid/16760
- http://www.vupen.com/english/advisories/2006/0677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24809
- http://groups.google.com/group/cherrypy-announce/browse_thread/thread/92b2972f774fe6df/2f63afc9433dc306#2f63afc9433dc306
- http://secunia.com/advisories/18944
- http://secunia.com/advisories/20344
- http://sourceforge.net/project/shownotes.php?release_id=384316\u0026group_id=56099
- http://www.cherrypy.org/
- http://www.gentoo.org/security/en/glsa/glsa-200605-16.xml
- http://www.securityfocus.com/bid/16760
- http://www.vupen.com/english/advisories/2006/0677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24809