Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure)

Pre Dynamic Institution bypass

Pre Hotel and Resorts reservation portal login bypass

E-SMART CART bypass

From:	RPATH
Date:	25.01.2008
Subject:	rPSA-2008-0030-1 CherryPy

rPath Security Advisory: 2008-0030-1
Published: 2008-01-24
Products:
   rPath Linux 1

Rating: Major
Exposure Level Classification:
   Remote Deterministic Unauthorized Access
Updated Versions:
   CherryPy=conary.rpath.com@rpl:1/2.2.1-4.1-1

rPath Issue Tracking System:
   https://issues.rpath.com/browse/RPL-2127

References:
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0252

Description:
   Previous versions of the CherryPy package contain a directory-traversal
   vulnerability that may allow remote attackers using maliciously crafted
   cookies to create, delete, read, and write arbitrary files.

http://wiki.rpath.com/Advisories:rPSA-2008-0030

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html