Apache mod_python FileSession Code Execution Vulnerability
BID:16916
Info
Apache mod_python FileSession Code Execution Vulnerability
| Bugtraq ID: | 16916 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2006 12:00AM |
| Updated: | Mar 07 2006 05:41PM |
| Credit: | Discovered by an unknown researcher. |
| Vulnerable: |
Gregory Trubetskoy mod_python 3.2.7 |
| Not Vulnerable: |
Gregory Trubetskoy mod_python 3.2.8 |
Discussion
Apache mod_python FileSession Code Execution Vulnerability
Apache mod_python is prone to a code-execution vulnerability.
Presumably, this issue can be exploited remotely through a specially crafted session cookie. However, conflicting details also suggest that only local attackers can exploit this vulnerability. This information will be updated when more details become available.
A successful attack may facilitate a remote compromise in the context of the server. Local attacks may be possible as well.
Apache mod_python is prone to a code-execution vulnerability.
Presumably, this issue can be exploited remotely through a specially crafted session cookie. However, conflicting details also suggest that only local attackers can exploit this vulnerability. This information will be updated when more details become available.
A successful attack may facilitate a remote compromise in the context of the server. Local attacks may be possible as well.
Exploit / POC
Apache mod_python FileSession Code Execution Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Apache mod_python FileSession Code Execution Vulnerability
Solution:
The vendor has released mod_python 3.2.8 to address this issue.
Solution:
The vendor has released mod_python 3.2.8 to address this issue.
References
Apache mod_python FileSession Code Execution Vulnerability
References:
References:
- 02/24/2006 Vulnerability in Apache's Mod_python discovered (Cgisecurity)
- 2006-02-15 (mod_python)
- Apache mod_python Product Page (Apache Software Foundation)