Summary
Detail | | | |
---|---|---|---|
Vendor | Pythonpaste | First view | 2010-11-05 |
Product | Paste | Last view | 2012-05-01 |
Version | 1.6 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:pythonpaste:paste | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
5.1 | 2012-05-01 | CVE-2012-0878 | Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem. |
4.3 | 2010-11-05 | CVE-2010-2477 | Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
65809 | Paste paste.httpexceptions 404 Message XSS |
OpenVAS Exploits
Date | Description |
---|---|
2012-08-30 | Name : Fedora Update for python-paste-script FEDORA-2012-2302 File : nvt/gb_fedora_2012_2302_python-paste-script_fc17.nasl |
2012-08-28 | Name : CentOS Update for python-paste-script CESA-2012:1206 centos6 File : nvt/gb_CESA-2012_1206_python-paste-script_centos6.nasl |
2012-08-28 | Name : RedHat Update for python-paste-script RHSA-2012:1206-01 File : nvt/gb_RHSA-2012_1206-01_python-paste-script.nasl |
2012-04-11 | Name : Fedora Update for python-paste-script FEDORA-2012-2413 File : nvt/gb_fedora_2012_2413_python-paste-script_fc15.nasl |
2012-04-11 | Name : Fedora Update for python-paste-script FEDORA-2012-2418 File : nvt/gb_fedora_2012_2418_python-paste-script_fc16.nasl |
2010-12-23 | Name : Ubuntu Update for paste vulnerability USN-1026-1 File : nvt/gb_ubuntu_USN_1026_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2012-1206.nasl - Type: ACT_GATHER_INFO |
2012-08-28 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2012-1206.nasl - Type: ACT_GATHER_INFO |
2012-08-28 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2012-1206.nasl - Type: ACT_GATHER_INFO |
2012-08-28 | Name: The remote Scientific Linux host is missing a security update. File: sl_20120827_python_paste_script_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
2012-04-12 | Name: The remote Fedora host is missing a security update. File: fedora_2012-2302.nasl - Type: ACT_GATHER_INFO |
2012-04-09 | Name: The remote Fedora host is missing a security update. File: fedora_2012-2413.nasl - Type: ACT_GATHER_INFO |
2012-04-09 | Name: The remote Fedora host is missing a security update. File: fedora_2012-2418.nasl - Type: ACT_GATHER_INFO |
2010-12-08 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1026-1.nasl - Type: ACT_GATHER_INFO |