CVE-2008-0252

Publication date 12 January 2008

Last updated 24 July 2024


Ubuntu priority

Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.
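An added illustration of the bug class described above, not CherryPy's code or its actual fix: a file-backed session store that builds a path from the cookie's session id, shown beside a hardened variant. The function names, the `session-` file prefix and the 40-hex-character id format are assumptions made for this example.

```python
import os
import re

SESSION_PREFIX = "session-"               # assumed file-name prefix
_ID_FORMAT = re.compile(r"[0-9a-f]{40}")  # assumed id format: 40 hex characters


def unsafe_session_path(storage_dir, session_id):
    """Bug class from the advisory: the cookie value reaches the path unchecked."""
    return os.path.join(storage_dir, SESSION_PREFIX + session_id)


def escapes_storage(storage_dir, path):
    """Return True if `path` resolves to a location outside `storage_dir`."""
    root = os.path.realpath(storage_dir)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def safe_session_path(storage_dir, session_id):
    """Allow-list the id format, then confirm the resolved path stays inside."""
    if not _ID_FORMAT.fullmatch(session_id):
        raise ValueError("malformed session id")
    path = os.path.join(os.path.realpath(storage_dir), SESSION_PREFIX + session_id)
    # Defence in depth: also catches a session file that is a symlink elsewhere.
    if escapes_storage(storage_dir, path):
        raise ValueError("session path escapes storage directory")
    return path


if __name__ == "__main__":
    import tempfile

    storage = tempfile.mkdtemp()
    well_formed = "a" * 40                 # constructed sample id
    crafted = "/../../constructed-target"  # constructed sample id
    for sid in (well_formed, crafted):
        escaped = escapes_storage(storage, unsafe_session_path(storage, sid))
        try:
            safe_session_path(storage, sid)
            verdict = "accepted"
        except ValueError as exc:
            verdict = "rejected (%s)" % exc
        print("%-28r unchecked path escapes: %-5s hardened: %s" % (sid, escaped, verdict))
```

Validating the id against a strict format is the primary control; the resolved-path containment check remains useful if the id format is later loosened.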

Status

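| Package | Ubuntu Release | Status |
|---|---|---|
| cherrypy3 | 8.10 intrepid | Not affected |
| cherrypy3 | 8.04 LTS hardy | Not affected |
| cherrypy3 | 7.10 gutsy | Fixed 3.0.2-1ubuntu0.1 |
| cherrypy3 | 7.04 feisty | Not in release |
| cherrypy3 | 6.10 edgy | Not in release |
| cherrypy3 | 6.06 LTS dapper | Not in release |
| python-cherrypy | 8.10 intrepid | Not affected |
| python-cherrypy | 8.04 LTS hardy | Not affected |
| python-cherrypy | 7.10 gutsy | Fixed 2.2.1-3ubuntu1.7.10 |
| python-cherrypy | 7.04 feisty | Fixed 2.2.1-3ubuntu1.7.04 |
| python-cherrypy | 6.10 edgy | Ignored end of life, was needed |
| python-cherrypy | 6.06 LTS dapper | Not affected |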

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
python-cherrypy