Family: Red Hat Local Security Checks --> Category: infos
RHSA-2005-100: mod_python Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mod_python packages
Detailed Explanation for this Vulnerability Test
An updated mod_python package that fixes a security issue in the publisher
handler is now available for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mod_python is a module that embeds the Python language interpreter within
the Apache web server, allowing handlers to be written in Python.
Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL to gain access to
objects that should not be visible, leading to an information leak. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2005-0088 to this issue.
Users of mod_python are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2005-100.html
Threat Level: High