Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Fedora Local Security Checks >> Fedora Core 3 2005-140: mod_python


Vulnerability Assessment Details

Fedora Core 3 2005-140: mod_python

Vulnerability Assessment Summary
Check for the version of the mod_python package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory FEDORA-2005-140 (mod_python).

Mod_python is a module that embeds the Python language interpreter
within
the server, permiting Apache handlers to be written in Python.

Mod_python brings together the versatility of Python and the power of
the Apache Web server for a considerable boost in flexibility and
performance over the traditional CGI approach.

Update Information:

Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain
access to
objects that should not be visible, leading to an information leak.
The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned
the name CVE-2005-0088 to this issue.

This update includes a patch which fixes this issue.



Solution : http://www.fedoranews.org/blog/index.php?p=392
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors

ineo Tool less USB 3.0 to 2.5" SATA Hard Drive HDD SSD Adapter Cable Enclosure
$8.99
ineo Tool less USB 3.0 to 2.5SANDISK SSD PLUS 120GB 120G SOLID-STATE HARD DRIVE 520MB/SEC
$18.99
SANDISK SSD PLUS 120GB 120G SOLID-STATE HARD DRIVE 520MB/SEC pictureNew Crucial MX300 750GB SATA 2.5 Inch Internal Solid State Drive CT750MX300SSD1
$204.99
New Crucial MX300 750GB SATA 2.5 Inch Internal Solid State Drive CT750MX300SSD1 pictureineo Tool less USB 3.0 to 2.5" SATA Hard Drive HDD SSD Adapter Cable Enclosure
$10.99
ineo Tool less USB 3.0 to 2.5


Discussions

No Discussions have been posted on this vulnerability.