CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.python.org/issue21766	Exploit Patch Vendor Advisory
http://openwall.com/lists/oss-security/2014/06/26/3	Mailing List Third Party Advisory
https://access.redhat.com/security/cve/cve-2014-4650	Third Party Advisory
http://bugs.python.org/issue21766	Exploit Patch Vendor Advisory
http://openwall.com/lists/oss-security/2014/06/26/3	Mailing List Third Party Advisory
https://access.redhat.com/security/cve/cve-2014-4650	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:software_collections:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

History

21 Nov 2024, 02:10

Type	Values Removed	Values Added
References	~~() http://bugs.python.org/issue21766 - Exploit, Patch, Vendor Advisory~~	() http://bugs.python.org/issue21766 - Exploit, Patch, Vendor Advisory
References	~~() http://openwall.com/lists/oss-security/2014/06/26/3 - Mailing List, Third Party Advisory~~	() http://openwall.com/lists/oss-security/2014/06/26/3 - Mailing List, Third Party Advisory
References	~~() https://access.redhat.com/security/cve/cve-2014-4650 - Third Party Advisory~~	() https://access.redhat.com/security/cve/cve-2014-4650 - Third Party Advisory

27 Jun 2022, 16:20

Type	Values Removed	Values Added
CPE	cpe:2.3:a:python:python:3.3.4:::::::* cpe:2.3:a:python:python:2.7.5:::::::*	cpe:2.3:a:python:python::::::::

Information

Published : 2020-02-20 17:15

Updated : 2024-11-21 02:10

NVD link : CVE-2014-4650

Mitre link : CVE-2014-4650

CVE.ORG link : CVE-2014-4650

JSON object : View

Products Affected

redhat

enterprise_linux
software_collections

python

python

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2014-4650", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-02-20T17:15:12.493", "references": [{"url": "http://bugs.python.org/issue21766", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://openwall.com/lists/oss-security/2014/06/26/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/security/cve/cve-2014-4650", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://bugs.python.org/issue21766", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://openwall.com/lists/oss-security/2014/06/26/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/security/cve/cve-2014-4650", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator."}, {"lang": "es", "value": "El m\u00f3dulo CGIHTTPServer en Python versiones 2.7.5 y 3.3.4, no maneja apropiadamente las URL en las que la codificaci\u00f3n de URL es usada para los separadores de ruta, lo que permite a atacantes remotos leer el c\u00f3digo fuente del script o conducir un salto de directorio y ejecutar c\u00f3digo no deseado por medio de una secuencia de caracteres dise\u00f1ada, como es demostrado mediante un separador %2f."}], "lastModified": "2024-11-21T02:10:38.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E972B9F-0AAD-4076-8B19-55161B67E6FD", "versionEndExcluding": "2.7.8", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03E5AD55-FAAE-4A26-A1A7-A30C2758CE7A", "versionEndExcluding": "3.2.6", "versionStartIncluding": "3.2.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE8A640D-5595-4E52-B191-4941EAB75258", "versionEndExcluding": "3.3.6", "versionStartIncluding": "3.3.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77B49A11-B6B3-417A-8142-FA0967D4E684", "versionEndExcluding": "3.4.2", "versionStartIncluding": "3.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

9.8 /10