Several security issues were fixed in web2py.
It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321)
21 June 2019
A security issue affects these releases of Ubuntu and its derivatives:
Several security issues were fixed in web2py.
It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321)
It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. (CVE-2016-3952)
It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. (CVE-2016-3953, CVE-2016-3954, CVE-2016-3957)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Vulmon