9.8 - CVE-2014-4650

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2014-4650	First vendor Publication	2020-02-20
Vendor	Cve	Last vendor Modification	2022-06-27

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	9.8
Base Score	9.8	Environmental Score	9.8
impact SubScore	5.9	Temporal Score	9.8
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26048

Oval ID:	oval:org.mitre.oval:def:26048
Title:	DEPRECATED: SUSE-SU-2014:1005-1 -- Security update for Python
Description:	This update for Python provides fixes for the several issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1005-1 CVE-2014-4650	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND python-devel RPM is earlier than 0:2.6.9-0.31.1

Definition Id: oval:org.mitre.oval:def:26391

Oval ID:	oval:org.mitre.oval:def:26391
Title:	SUSE-SU-2014:0997-1 -- Security update for Python
Description:	Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0997-1 CVE-2014-1912 CVE-2013-1752 CVE-2013-4238 CVE-2014-4650	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-devel RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1

Definition Id: oval:org.mitre.oval:def:26568

Oval ID:	oval:org.mitre.oval:def:26568
Title:	SUSE-SU-2014:1012-1 -- Security update for Python
Description:	Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1012-1 CVE-2014-1912 CVE-2013-1752 CVE-2013-4238 CVE-2014-4650	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-devel RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1

Definition Id: oval:org.mitre.oval:def:26575

Oval ID:	oval:org.mitre.oval:def:26575
Title:	SUSE-SU-2014:0998-1 -- Security update for Python
Description:	This update for Python provides fixes for the several issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0998-1 CVE-2014-4650	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND python-devel RPM is earlier than 0:2.6.9-0.31.1

Definition Id: oval:org.mitre.oval:def:26582

Oval ID:	oval:org.mitre.oval:def:26582
Title:	SUSE-SU-2014:1006-1 -- Security update for Python
Description:	Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1006-1 CVE-2014-1912 CVE-2013-1752 CVE-2013-4238 CVE-2014-4650	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-devel RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1

Definition Id: oval:org.mitre.oval:def:26599

Oval ID:	oval:org.mitre.oval:def:26599
Title:	SUSE-SU-2014:1009-1 -- Security update for Python
Description:	This update for Python provides fixes for the several issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1009-1 CVE-2014-4650	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND python-devel RPM is earlier than 0:2.6.9-0.31.1

Definition Id: oval:org.mitre.oval:def:26609

Oval ID:	oval:org.mitre.oval:def:26609
Title:	DEPRECATED: SUSE-SU-2014:0998-1 -- Security update for Python
Description:	This update for Python provides fixes for the several issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0998-1 CVE-2014-4650	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND python-devel RPM is earlier than 0:2.6.9-0.31.1

Definition Id: oval:org.mitre.oval:def:26776

Oval ID:	oval:org.mitre.oval:def:26776
Title:	DEPRECATED: SUSE-SU-2014:0997-1 -- Security update for Python
Description:	Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0997-1 CVE-2014-1912 CVE-2013-1752 CVE-2013-4238 CVE-2014-4650	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-devel RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1

Definition Id: oval:org.mitre.oval:def:26795

Oval ID:	oval:org.mitre.oval:def:26795
Title:	DEPRECATED: SUSE-SU-2014:1009-1 -- Security update for Python
Description:	This update for Python provides fixes for the several issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1009-1 CVE-2014-4650	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND python-devel RPM is earlier than 0:2.6.9-0.31.1

Definition Id: oval:org.mitre.oval:def:26865

Oval ID:	oval:org.mitre.oval:def:26865
Title:	SUSE-SU-2014:1011-1 -- Security update for Python
Description:	This update for Python provides fixes for the following issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1011-1 CVE-2014-4650	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND python-devel RPM is earlier than 0:2.6.9-0.31.1

Definition Id: oval:org.mitre.oval:def:26873

Oval ID:	oval:org.mitre.oval:def:26873
Title:	SUSE-SU-2014:1005-1 -- Security update for Python
Description:	This update for Python provides fixes for the several issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1005-1 CVE-2014-4650	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND python-devel RPM is earlier than 0:2.6.9-0.31.1

Definition Id: oval:org.mitre.oval:def:27004

Oval ID:	oval:org.mitre.oval:def:27004
Title:	DEPRECATED: SUSE-SU-2014:1011-1 -- Security update for Python
Description:	This update for Python provides fixes for the following issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1011-1 CVE-2014-4650	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1 AND SUSE Linux Enterprise Desktop 11 release section SUSE Linux Enterprise Desktop 11.x is installed AND python-devel RPM is earlier than 0:2.6.9-0.31.1

Definition Id: oval:org.mitre.oval:def:27010

Oval ID:	oval:org.mitre.oval:def:27010
Title:	DEPRECATED: SUSE-SU-2014:1012-1 -- Security update for Python
Description:	Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1012-1 CVE-2014-1912 CVE-2013-1752 CVE-2013-4238 CVE-2014-4650	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-devel RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1

Definition Id: oval:org.mitre.oval:def:27033

Oval ID:	oval:org.mitre.oval:def:27033
Title:	DEPRECATED: SUSE-SU-2014:1006-1 -- Security update for Python
Description:	Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:1006-1 CVE-2014-1912 CVE-2013-1752 CVE-2013-4238 CVE-2014-4650	Version:	4
Platform(s):	SUSE Linux Enterprise Server 11	Product(s):	Python
Definition Synopsis:
SUSE Linux Enterprise Server 11.x is installed Packages match section libpython2_6-1_0 RPM is earlier than 0:2.6.9-0.31.1 AND python RPM is earlier than 0:2.6.9-0.31.1 AND python-base RPM is earlier than 0:2.6.9-0.31.1 AND python-curses RPM is earlier than 0:2.6.9-0.31.1 AND python-demo RPM is earlier than 0:2.6.9-0.31.1 AND python-devel RPM is earlier than 0:2.6.9-0.31.1 AND python-gdbm RPM is earlier than 0:2.6.9-0.31.1 AND python-idle RPM is earlier than 0:2.6.9-0.31.1 AND python-tk RPM is earlier than 0:2.6.9-0.31.1 AND python-xml RPM is earlier than 0:2.6.9-0.31.1 AND libpython2_6-1_0-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-base-32bit RPM is earlier than 0:2.6.9-0.31.1 AND python-doc RPM is earlier than 0:2.6-8.31.1 AND python-doc-pdf RPM is earlier than 0:2.6-8.31.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Python cpe:2.3:a:python:python:3.4.1:-:::::: cpe:2.3:a:python:python:3.4.1:rc1:::::: cpe:2.3:a:python:python:3.4.0:-:::::: cpe:2.3:a:python:python:3.4.0:alpha1:::::: cpe:2.3:a:python:python:3.4.0:alpha2:::::: cpe:2.3:a:python:python:3.4.0:alpha3:::::: cpe:2.3:a:python:python:3.4.0:alpha4:::::: cpe:2.3:a:python:python:3.4.0:beta1:::::: cpe:2.3:a:python:python:3.4.0:beta2:::::: cpe:2.3:a:python:python:3.4.0:beta3:::::: cpe:2.3:a:python:python:3.4.0:rc1:::::: cpe:2.3:a:python:python:3.4.0:rc2:::::: cpe:2.3:a:python:python:3.4.0:rc3:::::: cpe:2.3:a:python:python:3.4:alpha1:::::: cpe:2.3:a:python:python:3.3.7:-:::::: cpe:2.3:a:python:python:3.3.7:rc1:::::: cpe:2.3:a:python:python:3.3.6:rc1:::::: cpe:2.3:a:python:python:3.3.6:-:::::: cpe:2.3:a:python:python:3.3.5:rc2:::::: cpe:2.3:a:python:python:3.3.5:-:::::: cpe:2.3:a:python:python:3.3.5:rc1:::::: cpe:2.3:a:python:python:3.3.4:rc1:::::: cpe:2.3:a:python:python:3.3.4:-:::::: cpe:2.3:a:python:python:3.3.3:rc1:::::: cpe:2.3:a:python:python:3.3.3:rc2:::::: cpe:2.3:a:python:python:3.3.3:-:::::: cpe:2.3:a:python:python:3.3.2:::::::* cpe:2.3:a:python:python:3.3.1:rc1:::::: cpe:2.3:a:python:python:3.3.1:-:::::: cpe:2.3:a:python:python:3.3.0:-:::::: cpe:2.3:a:python:python:3.3.0:alpha1:::::: cpe:2.3:a:python:python:3.3.0:alpha2:::::: cpe:2.3:a:python:python:3.3.0:alpha3:::::: cpe:2.3:a:python:python:3.3.0:alpha4:::::: cpe:2.3:a:python:python:3.3.0:beta1:::::: cpe:2.3:a:python:python:3.3.0:beta2:::::: cpe:2.3:a:python:python:3.3.0:rc1:::::: cpe:2.3:a:python:python:3.3.0:rc2:::::: cpe:2.3:a:python:python:3.3.0:rc3:::::: cpe:2.3:a:python:python:3.3:beta2:::::: cpe:2.3:a:python:python:3.3:::::::* cpe:2.3:a:python:python:3.2.6:-:::::: cpe:2.3:a:python:python:3.2.6:rc1:::::: cpe:2.3:a:python:python:3.2.5:::::::* cpe:2.3:a:python:python:3.2.4:-:::::: cpe:2.3:a:python:python:3.2.4:rc1:::::: cpe:2.3:a:python:python:3.2.3:-:::::: cpe:2.3:a:python:python:3.2.3:rc1:::::: cpe:2.3:a:python:python:3.2.3:rc2:::::: cpe:2.3:a:python:python:3.2.2150:::::::* cpe:2.3:a:python:python:3.2.2:-:::::: cpe:2.3:a:python:python:3.2.2:rc1:::::: cpe:2.3:a:python:python:3.2.1:-:::::: cpe:2.3:a:python:python:3.2.1:beta1:::::: cpe:2.3:a:python:python:3.2.1:rc1:::::: cpe:2.3:a:python:python:3.2.1:rc2:::::: cpe:2.3:a:python:python:3.2.0:::::::* cpe:2.3:a:python:python:3.2:alpha:::::: cpe:2.3:a:python:python:3.2:-:::::: cpe:2.3:a:python:python:3.2:alpha1:::::: cpe:2.3:a:python:python:3.2:alpha2:::::: cpe:2.3:a:python:python:3.2:alpha3:::::: cpe:2.3:a:python:python:3.2:alpha4:::::: cpe:2.3:a:python:python:3.2:beta1:::::: cpe:2.3:a:python:python:3.2:beta2:::::: cpe:2.3:a:python:python:3.2:rc1:::::: cpe:2.3:a:python:python:3.2:rc2:::::: cpe:2.3:a:python:python:3.2:rc3:::::: cpe:2.3:a:python:python:3.1.5:-:::::: cpe:2.3:a:python:python:3.1.5:rc1:::::: cpe:2.3:a:python:python:3.1.5:rc2:::::: cpe:2.3:a:python:python:3.1.4:-:::::: cpe:2.3:a:python:python:3.1.4:rc1:::::: cpe:2.3:a:python:python:3.1.3:-:::::: cpe:2.3:a:python:python:3.1.3:rc1:::::: cpe:2.3:a:python:python:3.1.2150::::::x64: cpe:2.3:a:python:python:3.1.2:-:::::: cpe:2.3:a:python:python:3.1.2:rc1:::::: cpe:2.3:a:python:python:3.1.1:-:::::: cpe:2.3:a:python:python:3.1.1:rc1:::::: cpe:2.3:a:python:python:3.1.0:::::::* cpe:2.3:a:python:python:3.1:-:::::: cpe:2.3:a:python:python:3.1:alpha1:::::: cpe:2.3:a:python:python:3.1:alpha2:::::: cpe:2.3:a:python:python:3.1:beta1:::::: cpe:2.3:a:python:python:3.1:rc1:::::: cpe:2.3:a:python:python:3.1:rc2:::::: cpe:2.3:a:python:python:3.0.1:::::::* cpe:2.3:a:python:python:3.0.0:::::::* cpe:2.3:a:python:python:3.0:-:::::: cpe:2.3:a:python:python:3.0:alpha1:::::: cpe:2.3:a:python:python:3.0:alpha2:::::: cpe:2.3:a:python:python:3.0:alpha3:::::: cpe:2.3:a:python:python:3.0:alpha4:::::: cpe:2.3:a:python:python:3.0:alpha5:::::: cpe:2.3:a:python:python:3.0:beta1:::::: cpe:2.3:a:python:python:3.0:beta2:::::: cpe:2.3:a:python:python:3.0:beta3:::::: cpe:2.3:a:python:python:3.0:rc1:::::: cpe:2.3:a:python:python:3.0:rc2:::::: cpe:2.3:a:python:python:3.0:rc3:::::: cpe:2.3:a:python:python:2.7.9:-:::::: cpe:2.3:a:python:python:2.7.9:rc1:::::: cpe:2.3:a:python:python:2.7.8:::::::* cpe:2.3:a:python:python:2.7.7:-:::::: cpe:2.3:a:python:python:2.7.7:rc1:::::: cpe:2.3:a:python:python:2.7.6:-:::::: cpe:2.3:a:python:python:2.7.6:rc1:::::: cpe:2.3:a:python:python:2.7.5:::::::* cpe:2.3:a:python:python:2.7.4:-:::::: cpe:2.3:a:python:python:2.7.4:rc1:::::: cpe:2.3:a:python:python:2.7.3:-:::::: cpe:2.3:a:python:python:2.7.3:rc1:::::: cpe:2.3:a:python:python:2.7.3:rc2:::::: cpe:2.3:a:python:python:2.7.2150:::::::* cpe:2.3:a:python:python:2.7.2:rc1:::::: cpe:2.3:a:python:python:2.7.2:-:::::: cpe:2.3:a:python:python:2.7.16:-:::::: cpe:2.3:a:python:python:2.7.16:rc1:::::: cpe:2.3:a:python:python:2.7.16:::::::* cpe:2.3:a:python:python:2.7.15:-:::::: cpe:2.3:a:python:python:2.7.15:rc1:::::: cpe:2.3:a:python:python:2.7.14:-:::::: cpe:2.3:a:python:python:2.7.14:rc1:::::: cpe:2.3:a:python:python:2.7.13:-:::::: cpe:2.3:a:python:python:2.7.13:rc1:::::: cpe:2.3:a:python:python:2.7.12:-:::::: cpe:2.3:a:python:python:2.7.12:rc1:::::: cpe:2.3:a:python:python:2.7.1150:::::::* cpe:2.3:a:python:python:2.7.1150::::::x64: cpe:2.3:a:python:python:2.7.11:-:::::: cpe:2.3:a:python:python:2.7.11:rc1:::::: cpe:2.3:a:python:python:2.7.10:-:::::: cpe:2.3:a:python:python:2.7.10:rc1:::::: cpe:2.3:a:python:python:2.7.1:-:::::: cpe:2.3:a:python:python:2.7.1:rc1:::::: cpe:2.3:a:python:python:2.7.0:::::::* cpe:2.3:a:python:python:2.6.9:::::::* cpe:2.3:a:python:python:2.6.8:::::::* cpe:2.3:a:python:python:2.6.7:::::::* cpe:2.3:a:python:python:2.6.6150:::::::* cpe:2.3:a:python:python:2.6.6:::::::* cpe:2.3:a:python:python:2.6.5:::::::* cpe:2.3:a:python:python:2.6.4:::::::* cpe:2.3:a:python:python:2.6.3:::::::* cpe:2.3:a:python:python:2.6.2150:::::::* cpe:2.3:a:python:python:2.6.2:::::::* cpe:2.3:a:python:python:2.6.1:::::::* cpe:2.3:a:python:python:2.6.0:::::::* cpe:2.3:a:python:python:2.5.6:::::::* cpe:2.3:a:python:python:2.5.5:::::::* cpe:2.3:a:python:python:2.5.4:::::::* cpe:2.3:a:python:python:2.5.3:::::::* cpe:2.3:a:python:python:2.5.2:::::::* cpe:2.3:a:python:python:2.5.150:::::::* cpe:2.3:a:python:python:2.5.1:::::::* cpe:2.3:a:python:python:2.5.0:::::::* cpe:2.3:a:python:python:2.4.6:::::::* cpe:2.3:a:python:python:2.4.5:::::::* cpe:2.3:a:python:python:2.4.4:::::::* cpe:2.3:a:python:python:2.4.3:::::::* cpe:2.3:a:python:python:2.4.2:::::::* cpe:2.3:a:python:python:2.4.1:::::::* cpe:2.3:a:python:python:2.4.0:::::::* cpe:2.3:a:python:python:2.3.7:::::::* cpe:2.3:a:python:python:2.3.6:::::::* cpe:2.3:a:python:python:2.3.5:::::::* cpe:2.3:a:python:python:2.3.4:::::::* cpe:2.3:a:python:python:2.3.3:::::::* cpe:2.3:a:python:python:2.3.2:::::::* cpe:2.3:a:python:python:2.3.1:::::::* cpe:2.3:a:python:python:2.3.0:::::::* cpe:2.3:a:python:python:2.2.3:::::::* cpe:2.3:a:python:python:2.2.2:::::::* cpe:2.3:a:python:python:2.2.1:::::::* cpe:2.3:a:python:python:2.2.0:::::::* cpe:2.3:a:python:python:2.2:::::::* cpe:2.3:a:python:python:2.1.3:::::::* cpe:2.3:a:python:python:2.1.2:::::::* cpe:2.3:a:python:python:2.1.1:::::::* cpe:2.3:a:python:python:2.1:::::::* cpe:2.3:a:python:python:2.0.1:::::::* cpe:2.3:a:python:python:2.0:::::::* cpe:2.3:a:python:python:1.6.1:::::::* cpe:2.3:a:python:python:1.6:::::::* cpe:2.3:a:python:python:1.5.2:::::::* cpe:2.3:a:python:python:1.3:::::::* cpe:2.3:a:python:python:1.2:::::::* cpe:2.3:a:python:python:0.9.1:::::::* cpe:2.3:a:python:python:0.9.0:::::::* cpe:2.3:a:python:python:::::::: cpe:2.3:a:python:python:-:::::::*	192
Application	Redhat Software Collections cpe:2.3:a:redhat:software_collections:-:::::::*	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*	3

ExploitDB Exploits

id	Description
2014-06-27	Python CGIHTTPServer Encoded Path Traversal

Nessus® Vulnerability Scanner

Date	Description
2016-08-22	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-997.nasl - Type : ACT_GATHER_INFO
2015-12-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151119_python_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-15	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-621.nasl - Type : ACT_GATHER_INFO
2015-12-02	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-2101.nasl - Type : ACT_GATHER_INFO
2015-11-24	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-2101.nasl - Type : ACT_GATHER_INFO
2015-11-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2101.nasl - Type : ACT_GATHER_INFO
2015-08-06	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1344-1.nasl - Type : ACT_GATHER_INFO
2015-08-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150722_python_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-07-30	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1330.nasl - Type : ACT_GATHER_INFO
2015-07-28	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1330.nasl - Type : ACT_GATHER_INFO
2015-07-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1330.nasl - Type : ACT_GATHER_INFO
2015-06-26	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2653-1.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-076.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-075.nasl - Type : ACT_GATHER_INFO
2014-11-24	Name : The remote Fedora host is missing a security update. File : fedora_2014-14266.nasl - Type : ACT_GATHER_INFO
2014-11-14	Name : The remote Fedora host is missing a security update. File : fedora_2014-14257.nasl - Type : ACT_GATHER_INFO
2014-11-11	Name : The remote Fedora host is missing a security update. File : fedora_2014-14208.nasl - Type : ACT_GATHER_INFO
2014-11-10	Name : The remote Fedora host is missing a security update. File : fedora_2014-14245.nasl - Type : ACT_GATHER_INFO
2014-11-10	Name : The remote Fedora host is missing a security update. File : fedora_2014-14227.nasl - Type : ACT_GATHER_INFO
2014-11-06	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-440.nasl - Type : ACT_GATHER_INFO
2014-08-29	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-517.nasl - Type : ACT_GATHER_INFO
2014-08-21	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-506.nasl - Type : ACT_GATHER_INFO
2014-08-21	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-505.nasl - Type : ACT_GATHER_INFO
2014-08-21	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-504.nasl - Type : ACT_GATHER_INFO
2014-08-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_python-201408-140728.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
MISC	http://bugs.python.org/issue21766 http://openwall.com/lists/oss-security/2014/06/26/3
REDHAT	https://access.redhat.com/security/cve/cve-2014-4650

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:28:15	Multiple Updates
2024-02-01 12:08:21	Multiple Updates
2023-09-05 12:26:47	Multiple Updates
2023-09-05 01:08:14	Multiple Updates
2023-09-02 12:26:47	Multiple Updates
2023-09-02 01:08:22	Multiple Updates
2023-08-12 12:29:09	Multiple Updates
2023-08-12 01:07:51	Multiple Updates
2023-08-11 12:24:54	Multiple Updates
2023-08-11 01:08:03	Multiple Updates
2023-08-06 12:24:12	Multiple Updates
2023-08-06 01:07:50	Multiple Updates
2023-08-04 12:24:16	Multiple Updates
2023-08-04 01:07:54	Multiple Updates
2023-07-14 12:24:14	Multiple Updates
2023-07-14 01:07:53	Multiple Updates
2023-03-29 01:26:04	Multiple Updates
2023-03-28 12:08:13	Multiple Updates
2022-10-11 12:21:52	Multiple Updates
2022-10-11 01:08:01	Multiple Updates
2022-06-27 21:27:25	Multiple Updates
2021-05-04 12:33:42	Multiple Updates
2021-04-22 01:40:37	Multiple Updates
2020-07-10 12:10:35	Multiple Updates
2020-05-23 00:41:37	First insertion

Type	Count
CWE ID(s)	1
Oval ID(s)	14
CPE ID(s)	196
Sources(s)	3
ExploitDB Exploit(s)	1
Nessus® Exploit(s)	25

9.8 - CVE-2014-4650

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

ExploitDB Exploits

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU