The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=110746469728728&w=2 | Mailing List Third Party Advisory |
http://python.org/security/PSF-2005-001/patch-2.2.txt | Broken Link Patch |
http://secunia.com/advisories/14128 | Broken Link |
http://securitytracker.com/id?1013083 | Broken Link Third Party Advisory VDB Entry |
http://www.debian.org/security/2005/dsa-666 | Patch Third Party Advisory |
http://www.mandriva.com/security/advisories?name=MDKSA-2005:035 | Broken Link Third Party Advisory |
http://www.python.org/security/PSF-2005-001/ | Broken Link Patch Vendor Advisory |
http://www.redhat.com/support/errata/RHSA-2005-108.html | Third Party Advisory |
http://www.securityfocus.com/bid/12437 | Third Party Advisory VDB Entry |
http://www.trustix.org/errata/2005/0003/ | Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19217 | VDB Entry |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9811 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
02 Aug 2023, 18:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:python_software_foundation:python:2.3.2:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3.3:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.2:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3.4:*:*:*:*:*:*:* |
cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
References | (SECUNIA) http://secunia.com/advisories/14128 - Broken Link | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/19217 - VDB Entry | |
References | (SECTRACK) http://securitytracker.com/id?1013083 - Broken Link, Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=110746469728728&w=2 - Mailing List, Third Party Advisory | |
References | (MANDRAKE) http://www.mandriva.com/security/advisories?name=MDKSA-2005:035 - Broken Link, Third Party Advisory | |
References | (TRUSTIX) http://www.trustix.org/errata/2005/0003/ - Third Party Advisory | |
References | (CONFIRM) http://www.python.org/security/PSF-2005-001/ - Broken Link, Patch, Vendor Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-108.html - Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9811 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/12437 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://python.org/security/PSF-2005-001/patch-2.2.txt - Broken Link, Patch | |
References | (DEBIAN) http://www.debian.org/security/2005/dsa-666 - Patch, Third Party Advisory |
Information
Published : 2005-05-02 04:00
Updated : 2024-02-04 16:52
NVD link : CVE-2005-0089
Mitre link : CVE-2005-0089
CVE.ORG link : CVE-2005-0089
JSON object : View
Products Affected
python
- python
CWE