Family: Fedora Local Security Checks --> Category: infos
Fedora Core 3 2005-140: mod_python Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mod_python package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2005-140 (mod_python).
Mod_python is a module that embeds the Python language interpreter
the server, allowing Apache handlers to be written in Python.
Mod_python brings together the versatility of Python and the power of
the Apache Web server for a considerable boost in flexibility and
performance over the traditional CGI approach.
Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain
objects that should not be visible, leading to an information leak.
Common Vulnerabilities and Exposures project (cve.mitre.org) has
the name CVE-2005-0088 to this issue.
This update includes a patch which fixes this issue.
Solution : http://www.fedoranews.org/blog/index.php?p=392
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.