Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 651633 - (CVE-2010-2477) CVE-2010-2477 python-paste: multiple XSS vulnerabilities
CVE-2010-2477 python-paste: multiple XSS vulnerabilities
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20100624,repor...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-11-09 18:24 EST by Vincent Danen
Modified: 2016-03-04 06:11 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-15 13:36:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Vincent Danen 2010-11-09 18:24:37 EST 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2477 to
the following vulnerability:

Name: CVE-2010-2477
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2477
Assigned: 20100628
Reference: MLIST:[oss-security] 20100629 CVE request: XSS in python paste
Reference: URL: http://marc.info/?l=oss-security&m=127785414818815&w=2
Reference: MLIST:[oss-security] 20100630 Re: CVE request: XSS in python paste
Reference: URL: http://marc.info/?l=oss-security&m=127792576822169&w=2
Reference: MLIST:[pylons-discuss] 20100624 Paste 1.7.4, security fix for XSS hole
Reference: URL: http://groups.google.com/group/pylons-discuss/msg/8c256dc076a408d8?dmode=source&output=gplain
Reference: CONFIRM: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
Reference: CONFIRM: http://pylonshq.com/articles/archives/2010/6/paste_174_released_addresses_xss_security_hole

Multiple cross-site scripting (XSS) vulnerabilities in the
paste.httpexceptions implementation in Paste before 1.7.4 allow remote
attackers to inject arbitrary web script or HTML via vectors involving
a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2)
paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4)
HTTPNotFound.
Comment 1 Josh Bressers 2011-07-18 15:33:42 EDT 
Statement:

This issue did not affect python-paste version as shipped with Red Hat Enterprise Linux 6, which included the fixed version since its initial release.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.