CVE-2014-3137
EUVD-2014-000425.10.2014, 22:55
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| bottlepy | bottle | 0.10.0 |
| bottlepy | bottle | 0.10.1 |
| bottlepy | bottle | 0.10.2 |
| bottlepy | bottle | 0.10.3 |
| bottlepy | bottle | 0.10.4 |
| bottlepy | bottle | 0.10.5 |
| bottlepy | bottle | 0.10.6 |
| bottlepy | bottle | 0.10.7 |
| bottlepy | bottle | 0.10.8 |
| bottlepy | bottle | 0.10.9 |
| bottlepy | bottle | 0.10.10 |
| bottlepy | bottle | 0.10.11 |
| bottlepy | bottle | 0.11.0 |
| bottlepy | bottle | 0.11.1 |
| bottlepy | bottle | 0.11.2 |
| bottlepy | bottle | 0.11.3 |
| bottlepy | bottle | 0.11.4 |
| bottlepy | bottle | 0.11.5 |
| bottlepy | bottle | 0.11.6 |
| bottlepy | bottle | 0.11.7 |
| bottlepy | bottle | 0.12.0 |
| bottlepy | bottle | 0.12.1 |
| bottlepy | bottle | 0.12.2 |
| bottlepy | bottle | 0.12.3 |
| bottlepy | bottle | 0.12.4 |
| bottlepy | bottle | 0.12.5 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| python-bottle |
|
Common Weakness Enumeration
References