CVE-2016-3952

Published: 06/02/2018 Updated: 21/06/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

web2py prior to 2.14.1, when using the standalone version, allows remote malicious users to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote malicious users to gain administrative access.

Vulnerable Product

web2py web2py

Vendor Advisories

Several security issues were fixed in web2py ...
Debian Bug report logs - #891220 web2py: CVE-2016-3952 CVE-2016-3953 CVE-2016-3954 CVE-2016-3957 Package: src:web2py; Maintainer for src:web2py is José L Redrejo Rodríguez <jredrejo@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 23 Feb 2018 14:09:02 UTC Severity: grave Tags: fixed-up ...