Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Fedora Local Security Checks >> Fedora Core 3 2005-140: mod_python

Vulnerability Assessment Details

Fedora Core 3 2005-140: mod_python

Vulnerability Assessment Summary
Check for the version of the mod_python package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory FEDORA-2005-140 (mod_python).

Mod_python is a module that embeds the Python language interpreter
within
the server, permiting Apache handlers to be written in Python.

Mod_python brings together the versatility of Python and the power of
the Apache Web server for a considerable boost in flexibility and
performance over the traditional CGI approach.

Update Information:

Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain
access to
objects that should not be visible, leading to an information leak.
The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned
the name CVE-2005-0088 to this issue.

This update includes a patch which fixes this issue.

Solution : http://www.fedoranews.org/blog/index.php?p=392
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors