Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Fedora Local Security Checks >> Fedora Core 2 2005-139: mod_python


Vulnerability Assessment Details

Fedora Core 2 2005-139: mod_python

Vulnerability Assessment Summary
Check for the version of the mod_python package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory FEDORA-2005-139 (mod_python).

Mod_python is a module that embeds the Python language interpreter
within
the server, permiting Apache handlers to be written in Python.

Mod_python brings together the versatility of Python and the power of
the Apache Web server for a considerable boost in flexibility and
performance over the traditional CGI approach.

Update Information:

Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain
access to
objects that should not be visible, leading to an information leak.
The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned
the name CVE-2005-0088 to this issue.

This update includes a patch which fixes this issue.



Solution : http://www.fedoranews.org/blog/index.php?p=391
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors

2U Chassis Rackmount Micro-ATX / ITX 2 x 5.25" Bays + 2x 3.5" Bays Server Case
$60.0
2U Chassis Rackmount Micro-ATX / ITX 2 x 5.2516GB Total Micro PC3 12800 1600MHz ECC Server Memory A5940905-TM
$121.34
16GB Total Micro PC3 12800 1600MHz ECC Server Memory A5940905-TM picture16GB Total Micro DDR4 288pin 2133MHz Registered ECC Server Memory A7910488-TM
$202.99
16GB Total Micro DDR4 288pin 2133MHz Registered ECC Server Memory A7910488-TM pictureNew HP MicroServer G8 G1610T G2020T 715173-001 724491-001 AFB1212SH Server Fan
$19.99
New HP MicroServer G8 G1610T G2020T 715173-001 724491-001 AFB1212SH Server Fan picture


Discussions

No Discussions have been posted on this vulnerability.