RSS   Vulnerabilities for 'Cherrypy'   RSS

2008-01-11
 
CVE-2008-0252

CWE-22
 

 
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.

 
2006-02-21
 
CVE-2006-0847

 

 
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.

 


Copyright 2024, cxsecurity.com

 

Back to Top