CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
81.5%
Directory traversal vulnerability in the _get_file_path function in (1)
lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py
in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows
remote attackers to create or delete arbitrary files, and possibly read and
write portions of arbitrary files, via a crafted session id in a cookie.