CVE-2021-28861
Date: (C)2022-08-24   (M)2024-04-19


Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py because there is no protection against multiple slashes (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.4
Exploit Score: 2.8
Impact Score: 4.0

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

CVSS V2 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V2 Metrics:
Access Vector:
Access Complexity:
Authentication:
Confidentiality:
Integrity:
Availability:
  
Reference:
FEDORA-2022-01d5789c08
FEDORA-2022-15f1aa7dc7
FEDORA-2022-20116fb6aa
FEDORA-2022-2173709172
FEDORA-2022-4ac2e16969
FEDORA-2022-61d8e8d880
FEDORA-2022-79843dfb3c
FEDORA-2022-7ca361a226
FEDORA-2022-7fff0f2b0b
FEDORA-2022-a27e239f5a
FEDORA-2022-a2be4bd5d8
FEDORA-2022-d1682fef04
FEDORA-2022-f511f8f58b
FEDORA-2022-fde69532df
GLSA-202305-02
https://bugs.python.org/issue43223
https://github.com/python/cpython/pull/24848
https://github.com/python/cpython/pull/93879

CWE    1
CWE-601
OVAL    41
oval:org.secpod.oval:def:89047062
oval:org.secpod.oval:def:3300529
oval:org.secpod.oval:def:2500947
oval:org.secpod.oval:def:2600012
...

© SecPod Technologies