This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Pythonpaste
Product: Paste
Version: 1.6
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2010-11-05
Last view: 2012-05-01
 
CPE Product cpe:2.3:a:pythonpaste:paste

Activity : Overall

Related : CVE

  Date Alert Description
5.1 2012-05-01 CVE-2012-0878

Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.

4.3 2010-11-05 CVE-2010-2477

Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
65809 Paste paste.httpexceptions 404 Message XSS

OpenVAS Exploits

id Description
2012-08-30 Name : Fedora Update for python-paste-script FEDORA-2012-2302
File : nvt/gb_fedora_2012_2302_python-paste-script_fc17.nasl
2012-08-28 Name : CentOS Update for python-paste-script CESA-2012:1206 centos6
File : nvt/gb_CESA-2012_1206_python-paste-script_centos6.nasl
2012-08-28 Name : RedHat Update for python-paste-script RHSA-2012:1206-01
File : nvt/gb_RHSA-2012_1206-01_python-paste-script.nasl
2012-04-11 Name : Fedora Update for python-paste-script FEDORA-2012-2413
File : nvt/gb_fedora_2012_2413_python-paste-script_fc15.nasl
2012-04-11 Name : Fedora Update for python-paste-script FEDORA-2012-2418
File : nvt/gb_fedora_2012_2418_python-paste-script_fc16.nasl
2010-12-23 Name : Ubuntu Update for paste vulnerability USN-1026-1
File : nvt/gb_ubuntu_USN_1026_1.nasl

Nessus® Vulnerability Scanner

id Description
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2012-1206.nasl - Type: ACT_GATHER_INFO
2012-08-28 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2012-1206.nasl - Type: ACT_GATHER_INFO
2012-08-28 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2012-1206.nasl - Type: ACT_GATHER_INFO
2012-08-28 Name: The remote Scientific Linux host is missing a security update.
File: sl_20120827_python_paste_script_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-04-12 Name: The remote Fedora host is missing a security update.
File: fedora_2012-2302.nasl - Type: ACT_GATHER_INFO
2012-04-09 Name: The remote Fedora host is missing a security update.
File: fedora_2012-2413.nasl - Type: ACT_GATHER_INFO
2012-04-09 Name: The remote Fedora host is missing a security update.
File: fedora_2012-2418.nasl - Type: ACT_GATHER_INFO
2010-12-08 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1026-1.nasl - Type: ACT_GATHER_INFO