|
Family: CGI abuses --> Category: attack
CherryPy staticFilter Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for staticFilter directory traversal vulnerability in CherryPy
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is prone to directory traversal attacks.
Description :
The remote host is running CherryPy, a web server powered by Python.
The installed version of CherryPy fails to filter directory traversal
sequences from requests that pass through its 'staticFilter' module.
A possible hacker can exploit this issue to read arbitrary files on the
remote host subject to the rights under which the affected
application runs.
See also :
http://www.nessus.org/u?11e78d5a
Solution :
Upgrade to CherryPy version 2.1.1 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|