CVE-2011-0432 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Affected Products (NVD)

Vendor	Product	Version
simon_pamies	pywebdav	𝑥 ≤ 0.9.4
simon_pamies	pywebdav	0.3
simon_pamies	pywebdav	0.5
simon_pamies	pywebdav	0.5.1
simon_pamies	pywebdav	0.6
simon_pamies	pywebdav	0.7
simon_pamies	pywebdav	0.8
simon_pamies	pywebdav	0.9.1
simon_pamies	pywebdav	0.9.2
simon_pamies	pywebdav	0.9.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pywebdav

bookworm	0.9.14-1 fixed
bullseye	0.9.14-1 fixed
sid	0.11.0-1 fixed
trixie	0.11.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

pywebdav

dapper	dne
hardy	dne
karmic	ignored
lucid	ignored
maverick	Fixed 0.9.4-1+squeeze1build0.10.10.1 released
natty	not-affected
oneiric	not-affected
precise	not-affected
quantal	not-affected
raring	not-affected
saucy	not-affected

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://code.google.com/p/pywebdav/updates/list

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html

http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz

http://secunia.com/advisories/43571

http://secunia.com/advisories/43602

http://secunia.com/advisories/43703

http://www.debian.org/security/2011/dsa-2177

http://www.securityfocus.com/bid/46655

http://www.vupen.com/english/advisories/2011/0553

http://www.vupen.com/english/advisories/2011/0554

http://www.vupen.com/english/advisories/2011/0634

https://bugzilla.redhat.com/show_bug.cgi?id=677718

http://code.google.com/p/pywebdav/updates/list

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html

http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz

http://secunia.com/advisories/43571

http://secunia.com/advisories/43602

http://secunia.com/advisories/43703

http://www.debian.org/security/2011/dsa-2177

http://www.securityfocus.com/bid/46655

http://www.vupen.com/english/advisories/2011/0553

http://www.vupen.com/english/advisories/2011/0554

http://www.vupen.com/english/advisories/2011/0634

https://bugzilla.redhat.com/show_bug.cgi?id=677718