Bug 427665

Summary: CherryPy security hole still unpatched: Malicious cookies may allow access to files outside the session directory
Product: [Fedora] Fedora Reporter: Felix Schwarz <felix.schwarz>
Component: python-cherrypyAssignee: Luke Macken <lmacken>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 8CC: pfrields
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-14 08:00:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Felix Schwarz 2008-01-06 14:06:21 UTC 
+++ This bug was initially created as a clone of Bug #427664 +++

In October, a security hole in CherryPy was found, see
http://www.cherrypy.org/ticket/744 for a detailed description and patches.

As far as I can see, this bug was not patched in Fedora 7/8. In Fedora 8, the
latest CherryPy version is 2.2.1-7.fc8.noarch.rpm. Although the RPM changelog
mentions that a backported fix for the problem was applied ("Apply backported
fix from http://www.cherrypy.org/changeset/1766"), sessionfilter.py seems to be
still vulnerable.
Comment 1 Tomas Hoger 2008-01-14 08:00:20 UTC 
Packages with backported fix pushed to F7 and F8:

https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0333
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0299