CVE-2005-0088

Current Description

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.

Basic Data

PublishedMay 02, 2005
Last ModifiedOctober 19, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationApacheMod Python1.9a*******
    2.3ApplicationApacheMod Python2.0*******
    2.3ApplicationApacheMod Python2.1*******
    2.3ApplicationApacheMod Python2.2*******
    2.3ApplicationApacheMod Python2.3*******
    2.3ApplicationApacheMod Python2.4*******
    2.3ApplicationApacheMod Python2.4.1*******
    2.3ApplicationApacheMod Python2.5*******
    2.3ApplicationApacheMod Python2.6*******
    2.3ApplicationApacheMod Python2.6.1*******
    2.3ApplicationApacheMod Python2.6.2*******
    2.3ApplicationApacheMod Python2.6.3*******
    2.3ApplicationApacheMod Python2.6.4*******
    2.3ApplicationApacheMod Python2.7*******
    2.3ApplicationApacheMod Python2.7.1*******
    2.3ApplicationApacheMod Python2.7.2*******
    2.3ApplicationApacheMod Python2.7.3*******
    2.3ApplicationApacheMod Python2.7.4*******
    2.3ApplicationApacheMod Python2.7.5*******
    2.3ApplicationApacheMod Python2.7.6*******
    2.3ApplicationApacheMod Python2.7.7*******
    2.3ApplicationApacheMod Python********2.7.8

Vulnerable Software List

VendorProductVersions
Apache Mod Python *, 1.9a, 2.0, 2.1, 2.2, 2.3, 2.4, 2.4.1, 2.5, 2.6, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7

References

NameSourceURLTags
CLA-2005:926http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000926CONECTIVA
20050211 [USN-80-1] mod_python vulnerabilityhttp://marc.info/?l=bugtraq&m=110815313218389&w=2BUGTRAQ
GLSA-200502-14http://security.gentoo.org/glsa/glsa-200502-14.xmlGENTOOPatch
1013156http://securitytracker.com/id?1013156SECTRACK
DSA-689http://www.debian.org/security/2005/dsa-689DEBIANPatch
VU#356409http://www.kb.cert.org/vuls/id/356409CERT-VNUS Government Resource
RHSA-2005:100http://www.redhat.com/support/errata/RHSA-2005-100.htmlREDHAT
RHSA-2005:104http://www.redhat.com/support/errata/RHSA-2005-104.htmlREDHAT
FLSA:152896http://www.securityfocus.com/archive/1/430286/100/0/threadedFEDORA
12519http://www.securityfocus.com/bid/12519BID
2005-0003http://www.trustix.org/errata/2005/0003/TRUSTIX
oval:org.mitre.oval:def:10617https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10617OVAL