Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2014-4650
Description:The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
Test IDs: 1.3.6.1.4.1.25623.1.0.868463   1.3.6.1.4.1.25623.1.1.4.2014.0998.1   1.3.6.1.4.1.25623.1.1.4.2014.1009.1   1.3.6.1.4.1.25623.1.1.4.2014.0997.1   1.3.6.1.4.1.25623.1.1.4.2014.1011.1   1.3.6.1.4.1.25623.1.1.4.2014.1006.1   1.3.6.1.4.1.25623.1.1.4.2014.1012.1   1.3.6.1.4.1.25623.1.1.4.2014.1005.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-4650
http://bugs.python.org/issue21766
http://openwall.com/lists/oss-security/2014/06/26/3
RedHat Security Advisories: Red Hat
https://access.redhat.com/security/cve/cve-2014-4650




© 1998-2021 E-Soft Inc. All rights reserved.