Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2005-0089

Published: 02/05/2005 Updated: 02/08/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Python

Vulnerability Summary

The SimpleXMLRPCServer library module in Python 2.2, 2.3 prior to 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote malicious users to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

Vulnerable Product Search on Vulmon Subscribe to Product

python python 2.4.0

python python

Vendor Advisories

Ubuntu Security Notice: python2.2, python2.3 vulnerability
The Python developers discovered a flaw in the SimpleXMLRPCServer module Python XML-RPC servers that used the register_instance() method to register an object, but do not have a dispatch() method, allowed remote users to access or change function internals using the im* and func_* attributes ...
Red Hat: python security update
Synopsis python security update Type/Severity Security Advisory: Important Topic Updated Python packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4This update has been rated as having important security impact by the RedHat Security Response Team Description ...
Red Hat: python security update
Synopsis python security update Type/Severity Security Advisory: Important Topic Updated Python packages that fix a security issue are now available for RedHat Enterprise Linux 3 Description Python is an interpreted, interactive, object-oriented programming languageAn object traversal bug ...
Debian Security Advisories: DSA-666-1 python2.2 -- design flaw
The Python development team has discovered a flaw in their language package The SimpleXMLRPCServer library module could permit remote attackers unintended access to internals of the registered object or its module or possibly other modules The flaw only affects Python XML-RPC servers that use the register_instance() method to register an object w ...

References

NVD-CWE-Otherhttp://www.python.org/security/PSF-2005-001/http://python.org/security/PSF-2005-001/patch-2.2.txthttp://www.debian.org/security/2005/dsa-666http://www.redhat.com/support/errata/RHSA-2005-108.htmlhttp://www.trustix.org/errata/2005/0003/http://www.securityfocus.com/bid/12437http://securitytracker.com/id?1013083http://secunia.com/advisories/14128http://www.mandriva.com/security/advisories?name=MDKSA-2005:035http://marc.info/?l=bugtraq&m=110746469728728&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/19217https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9811https://usn.ubuntu.com/73-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook