apache/mod_python: The latest CVE Vulnerabilities and Exploits for Penetration Test
apache/mod_python Vulnerability Summary
- Vendor name: apache
- Product name: mod_python
- Total vulnerabilities: 6 (as 2023-05-04)
apache/mod_python Vulnerability List
CVE-2006-1095: Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache…
Published: 2006-03-09T13:06:00 Last Modified: 2017-07-20T01:30:00
Summary
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2006-1095 vulnerability.
References
- http://www.cgisecurity.com/2006/02/07
- http://www.modpython.org/fs_sec_warn.html
- http://www.securityfocus.com/bid/16916
- http://svn.apache.org/viewcvs.cgi/httpd/mod_python/branches/3.2.x/NEWS?rev=378945
- http://securitytracker.com/id?1015764
- http://secunia.com/advisories/19239
- http://www.vupen.com/english/advisories/2006/0768
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24965
See also: All popular products CVE Vulnerabilities of apache
CVE-2005-0088: The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access…
Published: 2005-05-02T04:00:00 Last Modified: 2018-10-19T15:31:00
Summary
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2005-0088 vulnerability.
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000926
- http://www.debian.org/security/2005/dsa-689
- http://security.gentoo.org/glsa/glsa-200502-14.xml
- http://www.redhat.com/support/errata/RHSA-2005-100.html
- http://www.redhat.com/support/errata/RHSA-2005-104.html
- http://www.trustix.org/errata/2005/0003/
- http://www.kb.cert.org/vuls/id/356409
- http://www.securityfocus.com/bid/12519
- http://securitytracker.com/id?1013156
- http://marc.info/?l=bugtraq&m=110815313218389&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10617
- http://www.securityfocus.com/archive/1/430286/100/0/threaded
See also: All popular products CVE Vulnerabilities of apache
CVE-2004-2680: mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters…
Published: 2004-12-31T05:00:00 Last Modified: 2018-10-19T15:30:00
Summary
mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2004-2680 vulnerability.
References
- http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772@pixar.com%3e
- http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772@pixar.com%3e
- http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772@pixar.com%3e
- https://launchpad.net/bugs/89308
- https://issues.rpath.com/browse/RPL-1105
- http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561
- http://www.ubuntu.com/usn/usn-430-1
- http://www.securityfocus.com/bid/22849
- http://secunia.com/advisories/24424
- http://secunia.com/advisories/24418
- http://www.vupen.com/english/advisories/2007/0846
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14751
- http://www.securityfocus.com/archive/1/462185/100/0/threaded
See also: All popular products CVE Vulnerabilities of apache
CVE-2004-0096: Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service…
Published: 2004-03-03T05:00:00 Last Modified: 2008-09-05T20:37:00
Summary
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2004-0096 vulnerability.
References
- http://www.modpython.org/pipermail/mod_python/2004-January/014879.html
- http://security.gentoo.org/glsa/glsa-200401-03.xml
- http://www.redhat.com/support/errata/RHSA-2004-058.html
- http://www.redhat.com/support/errata/RHSA-2004-063.html
See also: All popular products CVE Vulnerabilities of apache
CVE-2003-0973: Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote…
Published: 2003-12-15T05:00:00 Last Modified: 2017-10-11T01:29:00
Summary
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2003-0973 vulnerability.
References
- http://www.modpython.org/pipermail/mod_python/2003-November/004005.html
- http://www.debian.org/security/2004/dsa-452
- http://www.redhat.com/support/errata/RHSA-2004-058.html
- http://bugzilla.fedora.us/show_bug.cgi?id=1325
- http://www.redhat.com/support/errata/RHSA-2004-063.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000837
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A839
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A828
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10259
See also: All popular products CVE Vulnerabilities of apache
CVE-2002-0185: mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to…
Published: 2002-05-16T04:00:00 Last Modified: 2008-09-05T20:27:00
Summary
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2002-0185 vulnerability.
References
- http://www.modpython.org/pipermail/mod_python/2002-April/001991.html
- http://www.modpython.org/pipermail/mod_python/2002-April/002003.html
- http://www.redhat.com/support/errata/RHSA-2002-070.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477
- http://www.iss.net/security_center/static/8997.php
- http://www.securityfocus.com/bid/4656
See also: All popular products CVE Vulnerabilities of apache