Summary
The remote host is missing an update to python-cherrypy announced via advisory DSA 1481-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201481-1
Insight
It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework, may lead to denial of service by deleting files through malicious session IDs in cookies.
For the stable distribution (etch), this problem has been fixed in version 2.2.1-3etch1.
The old stable distribution (sarge) doesn't contain python-cherrypy.
We recommend that you upgrade your python-cherrypy packages.
Severity
Classification
CVE: CVE-2008-0252
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P