Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-666-1
HistoryFeb 04, 2005 - 12:00 a.m.

python2.2 - design flaw

2005-02-0400:00:00
Google
osv.dev
6

0.128 Low

EPSS

Percentile

95.5%

JSON

The Python development team has discovered a flaw in their language
package. The SimpleXMLRPCServer library module could permit remote
attackers unintended access to internals of the registered object or
its module or possibly other modules. The flaw only affects Python
XML-RPC servers that use the register_instance() method to register an
object without a _dispatch() method. Servers using only
register_function() are not affected.

For the stable distribution (woody) this problem has been fixed in
version 2.2.1-4.7. No other version of Python in woody is affected.

For the testing (sarge) and unstable (sid) distributions the following
matrix explains which version will contain the correction in which
version:

testing unstable
Python 2.2 2.2.3-14 2.2.3-14
Python 2.3 2.3.4-20 2.3.4+2.3.5c1-2
Python 2.4 2.4-5 2.4-5

We recommend that you upgrade your Python packages.

CPENameOperatorVersion
python2.2eq2.2.1-4.6

Related

cve 1
freebsd 1
redhat 2
nessus 7
gentoo 1
openvas 9
ubuntu 1
debian 2
cvelist 1
nvd 1
ubuntucve 1
securityvulns 1
cert 1
cve
cve
CVE-2005-0089
2005-05-02 04:00:00
freebsd
freebsd
python -- SimpleXMLRPCServer.py allows unrestricted traversal
2005-02-03 00:00:00
redhat
redhat
(RHSA-2005:108) python security update
2005-02-15 00:00:00
(RHSA-2005:109) python security update
2005-02-14 00:00:00
nessus
nessus
Ubuntu 4.10 : python2.2, python2.3 vulnerability (USN-73-1)
2006-01-15 00:00:00
RHEL 3 : python (RHSA-2005:109)
2005-02-14 00:00:00
RHEL 4 : python (RHSA-2005:108)
2005-02-22 00:00:00
gentoo
gentoo
Python: Arbitrary code execution through SimpleXMLRPCServer
2005-02-08 00:00:00
openvas
openvas
SLES9: Security update for python
2009-10-10 00:00:00
SLES9: Security update for python
2009-10-10 00:00:00
Debian Security Advisory DSA 666-1 (python2.2)
2008-01-17 00:00:00
ubuntu
ubuntu
Python vulnerability
2005-02-04 00:00:00
debian
debian
[SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access
2005-02-04 14:58:00
[SECURITY] [DSA 666-1] New Python2.2 packages fix unauthorised XML-RPC internals access
2005-02-04 14:58:00
cvelist
cvelist
CVE-2005-0089
2005-02-06 05:00:00
nvd
nvd
CVE-2005-0089
2005-05-02 04:00:00
ubuntucve
ubuntucve
CVE-2005-0089
2005-05-02 00:00:00
securityvulns
securityvulns
Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py
2005-02-04 00:00:00
cert
cert
mod_python vulnerable to information disclosure via crafted URL
2005-02-21 00:00:00

0.128 Low

EPSS

Percentile

95.5%

JSON
Related for OSV:DSA-666-1
cve1freebsd1redhat2nessus7gentoo1openvas9ubuntu1debian2cvelist1nvd1ubuntucve1securityvulns1cert1