PublicDate: 2008-01-12 02:46:00 UTC
Candidate: CVE-2008-0252
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0252
Description:
 Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/187481
Priority: medium
Discovered-by:
Assigned-to: fujitsu
CVSS:

Patches_python-cherrypy:
 vendor: http://www.debian.org/security/2008/dsa-1481
upstream_python-cherrypy: needed
dapper_python-cherrypy: not-affected
edgy_python-cherrypy: needed (reached end-of-life)
feisty_python-cherrypy: released (2.2.1-3ubuntu1.7.04)
gutsy_python-cherrypy: released (2.2.1-3ubuntu1.7.10)
hardy_python-cherrypy: not-affected (2.2.1-3.1)
intrepid_python-cherrypy: not-affected (2.2.1-3.1)
devel_python-cherrypy: not-affected (2.2.1-3.1)

Patches_cherrypy3:
upstream_cherrypy3: needed
dapper_cherrypy3: DNE
edgy_cherrypy3: DNE
feisty_cherrypy3: DNE
gutsy_cherrypy3: released (3.0.2-1ubuntu0.1)
hardy_cherrypy3: not-affected (3.0.2-2)
intrepid_cherrypy3: not-affected (3.0.2-2)
devel_cherrypy3: not-affected (3.0.2-2)