vulnerability
ELSA-2015-1064 Moderate: Oracle Linux Software Collections 1.2 for Oracle Linux python27 security, bug fix, and enhancement update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Feb 5, 2016 | Feb 8, 2016 | Jul 28, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 5, 2016
Added
Feb 8, 2016
Modified
Jul 28, 2025
Description
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
Solutions
linuxrpm-upgrade-ols6-x86_64-python27linuxrpm-upgrade-ols6-x86_64-python27-pythonlinuxrpm-upgrade-ols6-x86_64-python27-python-debuglinuxrpm-upgrade-ols6-x86_64-python27-python-devellinuxrpm-upgrade-ols6-x86_64-python27-python-libslinuxrpm-upgrade-ols6-x86_64-python27-python-piplinuxrpm-upgrade-ols6-x86_64-python27-python-setuptoolslinuxrpm-upgrade-ols6-x86_64-python27-python-simplejsonlinuxrpm-upgrade-ols6-x86_64-python27-python-testlinuxrpm-upgrade-ols6-x86_64-python27-python-toolslinuxrpm-upgrade-ols6-x86_64-python27-python-wheellinuxrpm-upgrade-ols6-x86_64-python27-runtimelinuxrpm-upgrade-ols6-x86_64-python27-scldevellinuxrpm-upgrade-ols6-x86_64-python27-tkinterlinuxrpm-upgrade-ols7-x86_64-python27linuxrpm-upgrade-ols7-x86_64-python27-pythonlinuxrpm-upgrade-ols7-x86_64-python27-python-debuglinuxrpm-upgrade-ols7-x86_64-python27-python-devellinuxrpm-upgrade-ols7-x86_64-python27-python-libslinuxrpm-upgrade-ols7-x86_64-python27-python-piplinuxrpm-upgrade-ols7-x86_64-python27-python-setuptoolslinuxrpm-upgrade-ols7-x86_64-python27-python-simplejsonlinuxrpm-upgrade-ols7-x86_64-python27-python-testlinuxrpm-upgrade-ols7-x86_64-python27-python-toolslinuxrpm-upgrade-ols7-x86_64-python27-python-wheellinuxrpm-upgrade-ols7-x86_64-python27-runtimelinuxrpm-upgrade-ols7-x86_64-python27-scldevellinuxrpm-upgrade-ols7-x86_64-python27-tkinter
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.