Candidate: CVE-2014-3137
PublicDate: 2014-10-25 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3137
Description:
 Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6
 does not properly limit content types, which allows remote attackers to
 bypass intended access restrictions via an accepted Content-Type followed by
 a ; (semi-colon) and a Content-Type that would not be accepted, as
 demonstrated in YouCompleteMe to execute arbitrary code.
Ubuntu-Description:
 It was discovered that Bottle does not properly limit content types. A
 remote attacker could possibly use this to execute arbitrary code.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746322
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_python-bottle:
upstream_python-bottle: released (0.12.6-1)
lucid_python-bottle: ignored (reached end-of-life)
precise_python-bottle: ignored (reached end-of-life)
precise/esm_python-bottle: DNE (precise was needed)
quantal_python-bottle: ignored (reached end-of-life)
saucy_python-bottle: ignored (reached end-of-life)
trusty_python-bottle: ignored (out of standard support)
trusty/esm_python-bottle: released (0.12.0-1ubuntu0.1~esm1)
utopic_python-bottle: not-affected (0.12.6-1)
vivid_python-bottle: not-affected (0.12.6-1)
vivid/stable-phone-overlay_python-bottle: DNE
vivid/ubuntu-core_python-bottle: DNE
wily_python-bottle: not-affected (0.12.6-1)
xenial_python-bottle: not-affected (0.12.6-1)
yakkety_python-bottle: not-affected (0.12.6-1)
zesty_python-bottle: not-affected (0.12.6-1)
artful_python-bottle: not-affected (0.12.6-1)
bionic_python-bottle: not-affected (0.12.6-1)
cosmic_python-bottle: not-affected (0.12.6-1)
disco_python-bottle: not-affected (0.12.6-1)
eoan_python-bottle: not-affected (0.12.6-1)
focal_python-bottle: not-affected (0.12.6-1)
groovy_python-bottle: not-affected (0.12.6-1)
hirsute_python-bottle: not-affected (0.12.6-1)
impish_python-bottle: not-affected (0.12.6-1)
jammy_python-bottle: not-affected (0.12.6-1)
devel_python-bottle: not-affected (0.12.6-1)