Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Fedora Local Security Checks >> Fedora Core 3 2005-140: mod_python

Vulnerability Assessment Details

Fedora Core 3 2005-140: mod_python

Vulnerability Assessment Summary
Check for the version of the mod_python package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory FEDORA-2005-140 (mod_python).

Mod_python is a module that embeds the Python language interpreter
the server, permiting Apache handlers to be written in Python.

Mod_python brings together the versatility of Python and the power of
the Apache Web server for a considerable boost in flexibility and
performance over the traditional CGI approach.

Update Information:

Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain
access to
objects that should not be visible, leading to an information leak.
Common Vulnerabilities and Exposures project ( has
the name CVE-2005-0088 to this issue.

This update includes a patch which fixes this issue.

Solution :
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors

Amiga SupraRam Ram Card w/8mb Ram Installed
Amiga SupraRam Ram Card w/8mb Ram Installed pictureAmiga 4000T Drive Rails
Amiga 4000T Drive Rails pictureCommodore Amiga 1010 External 3.5" 880k Floppy Disk Drive
Commodore Amiga 1010 External 3.5Amiga Gunship 2000 Game
Amiga Gunship 2000 Game picture


No Discussions have been posted on this vulnerability.