Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.

It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework, may lead to denial of service by deleting files through malicious session IDs in cookies.

The remote host is affected by the vulnerability described in GLSA-200801-11 (CherryPy: Directory traversal vulnerability)

    CherryPy does not sanitize the session id, provided as a cookie value,     in the FileSession._get_file_path() function before using it as part of     the file name.
  Impact :

    A remote attacker could exploit this vulnerability to read and possibly     write arbitrary files on the web server, or to hijack valid sessions,     by providing a specially crafted session id. This only affects     applications using file-based sessions.
  Workaround :

    Disable the 'FileSession' functionality by using 'PostgresqlSession' or     'RamSession' session management in your CherryPy application.

Fixes a security issue with a backport from upstream.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security issue fixed with a backport from upstream.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
30189	Debian DSA-1481-1 : python-cherrypy - missing input sanitising	Nessus	Debian Local Security Checks	high
30116	GLSA-200801-11 : CherryPy: Directory traversal vulnerability	Nessus	Gentoo Local Security Checks	high
29864	Fedora 7 : python-cherrypy-2.2.1-8.fc7 (2008-0333)	Nessus	Fedora Local Security Checks	high
29863	Fedora 8 : python-cherrypy-2.2.1-8.fc8 (2008-0299)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2008-0252

high

Tenable Plugins

high

high

high

high