7.5
CVSSv2

CVE-2005-0088

Published: 02/05/2005 Updated: 19/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The publisher handler for mod_python 2.7.8 and earlier allows remote malicious users to obtain access to restricted objects via a crafted URL.

Affected Products

Vendor Product Versions
ApacheMod Python1.9a, 2.0, 2.1, 2.2, 2.3, 2.4, 2.4.1, 2.5, 2.6, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8

Vendor Advisories

Synopsis mod_python security update Type/Severity Security Advisory: Moderate Topic An updated mod_python package that fixes a security issue in the publisherhandle is now available for Red Hat Enterprise Linux 4This update has been rated as having moderate security impact by the Red HatSecurity Response T ...
Graham Dumpleton discovered an information disclosure in the “publisher” handle of mod_python By requesting a carefully crafted URL for a published module page, anybody can obtain extra information about internal variables, objects, and other information which is not intended to be visible ...
Synopsis mod_python security update Type/Severity Security Advisory: Moderate Topic An Updated mod_python package that fixes a security issue in the publisherhandler is now available Description Mod_python is a module that embeds the Python language interpreter withinthe Apache web server, ...
Graham Dumpleton discovered a flaw which can affect anyone using the publisher handle of the Apache Software Foundation's mod_python The publisher handle lets you publish objects inside modules to make them callable via URL The flaw allows a carefully crafted URL to obtain extra information that should not be visible (information leak) For the s ...