Security Advisory

CVE-2014-4650

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-02-20 16:01:22
Last updated 2024-08-06 11:20:26
Assigner mitre
State PUBLISHED

Description

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
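One way to look for the request pattern described above in web server logs, added here as an example and not taken from the advisory or from Python's own code: it flags requests whose path component contains a percent-encoded path separator. It goes beyond the %2f case in the description by also matching %5c and multiply encoded forms; the log format, sample lines and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a common-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Percent-encoded "/" or "\" in any letter case.
ENCODED_SEP_RE = re.compile(r"%(?:2f|5c)", re.IGNORECASE)


def encoded_separator_layers(path, max_layers=3):
    """Return how many decode passes expose an encoded separator.

    0 means none found, 1 means %2f/%5c appears as written,
    2 means it is double-encoded (%252f), and so on.
    """
    for layer in range(1, max_layers + 1):
        if ENCODED_SEP_RE.search(path):
            return layer
        decoded = unquote(path)
        if decoded == path:  # nothing left to decode
            break
        path = decoded
    return 0


def flag_log_lines(lines):
    """Return (line_number, path, layers) for each suspicious request.

    Only the path component is inspected: %2f in a query string is
    routine (for example in redirect parameters) and would be noise.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group("target").split("?", 1)[0]
        layers = encoded_separator_layers(path)
        if layers:
            hits.append((n, path, layers))
    return hits


# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET /cgi-bin%2fstatus.py HTTP/1.1" 200 1840',
    '192.0.2.12 - - [01/Jan/2024:10:00:02 +0000] "GET /login?next=%2Fhome HTTP/1.1" 200 300',
    '192.0.2.13 - - [01/Jan/2024:10:00:03 +0000] "GET /files%252Freport.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in flag_log_lines(SAMPLE_LOG):
        print(hit)
```

A hit is a reason to check which handler served the request and what the response body contained, not proof of compromise on its own.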