This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Pythonpaste | First view | 2010-11-05 |
| Product | Paste | Last view | 2012-05-01 |
| Version | 1.6 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:pythonpaste:paste | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.1 | 2012-05-01 | CVE-2012-0878 | Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem. |
| 4.3 | 2010-11-05 | CVE-2010-2477 | Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 65809 | Paste paste.httpexceptions 404 Message XSS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-08-30 | Name : Fedora Update for python-paste-script FEDORA-2012-2302 File : nvt/gb_fedora_2012_2302_python-paste-script_fc17.nasl |
| 2012-08-28 | Name : CentOS Update for python-paste-script CESA-2012:1206 centos6 File : nvt/gb_CESA-2012_1206_python-paste-script_centos6.nasl |
| 2012-08-28 | Name : RedHat Update for python-paste-script RHSA-2012:1206-01 File : nvt/gb_RHSA-2012_1206-01_python-paste-script.nasl |
| 2012-04-11 | Name : Fedora Update for python-paste-script FEDORA-2012-2413 File : nvt/gb_fedora_2012_2413_python-paste-script_fc15.nasl |
| 2012-04-11 | Name : Fedora Update for python-paste-script FEDORA-2012-2418 File : nvt/gb_fedora_2012_2418_python-paste-script_fc16.nasl |
| 2010-12-23 | Name : Ubuntu Update for paste vulnerability USN-1026-1 File : nvt/gb_ubuntu_USN_1026_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2012-1206.nasl - Type: ACT_GATHER_INFO |
| 2012-08-28 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2012-1206.nasl - Type: ACT_GATHER_INFO |
| 2012-08-28 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2012-1206.nasl - Type: ACT_GATHER_INFO |
| 2012-08-28 | Name: The remote Scientific Linux host is missing a security update. File: sl_20120827_python_paste_script_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2012-04-12 | Name: The remote Fedora host is missing a security update. File: fedora_2012-2302.nasl - Type: ACT_GATHER_INFO |
| 2012-04-09 | Name: The remote Fedora host is missing a security update. File: fedora_2012-2413.nasl - Type: ACT_GATHER_INFO |
| 2012-04-09 | Name: The remote Fedora host is missing a security update. File: fedora_2012-2418.nasl - Type: ACT_GATHER_INFO |
| 2010-12-08 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1026-1.nasl - Type: ACT_GATHER_INFO |
