CVE-2008-0252

Published: 12/01/2008 Updated: 15/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote malicious users to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.
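An added example, not CherryPy's code or its actual patch: one way to map a cookie-supplied session id to a session file so that the result cannot leave the storage directory. The 40-hex-character id format, the `session-` prefix and all function names are assumptions made for illustration.

```python
import os
import re

# Assumption: the server issues session ids as 40 lowercase hex characters.
SESSION_ID_RE = re.compile(r"[0-9a-f]{40}")
SESSION_PREFIX = "session-"  # hypothetical file-name prefix


class UnsafeSessionId(ValueError):
    """Raised when a cookie value must not be turned into a file path."""


def is_within(root, path):
    """True if path resolves to root or to something below it.

    commonpath compares whole path components, so a sibling such as
    '/srv/sessions-old' is not mistaken for a child of '/srv/sessions'
    the way a plain string-prefix test would allow.
    """
    root = os.path.realpath(root)
    path = os.path.realpath(path)
    return os.path.commonpath([root, path]) == root


def session_file_path(storage_path, session_id):
    """Map a cookie-supplied session id to a file inside storage_path."""
    # 1. Allowlist the format before the value reaches any filesystem call.
    if not isinstance(session_id, str) or not SESSION_ID_RE.fullmatch(session_id):
        raise UnsafeSessionId("session id has unexpected format")
    # 2. Defence in depth: confirm the resolved path stays in the store.
    candidate = os.path.join(storage_path, SESSION_PREFIX + session_id)
    if not is_within(storage_path, candidate):
        raise UnsafeSessionId("session path escapes storage directory")
    return os.path.realpath(candidate)


if __name__ == "__main__":
    import tempfile
    store = tempfile.mkdtemp()
    # Constructed sample cookie values.
    for sid in ["a" * 40, "../../tmp/x", "A" * 40, ""]:
        try:
            print(repr(sid), "->", session_file_path(store, sid))
        except UnsafeSessionId as exc:
            print(repr(sid), "-> rejected:", exc)
```

Either check alone would stop a traversal-style id; keeping both means a later loosening of the id format does not silently reopen the path escape.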

Vulnerable Product

cherrypy cherrypy

Vendor Advisories

Debian Bug report logs - #461069 python-cherrypy: CVE-2008-0252 directory traversal vulnerability Package: python-cherrypy; Maintainer for python-cherrypy is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-cherrypy is src:python-cherrypy Reported by: Nico Gold ...
It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework, may lead to denial of service by deleting files through malicious session IDs in cookies. The old stable distribution (sarge) doesn't contain python-cherrypy. For the stable distribution (etch), this problem has been fixed ...