FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_python -- information leakage vulnerability

Affected packages
mod_python < 2.7.11
3.* < mod_python < 3.1.4


VuXML ID 5192e7ca-7d4f-11d9-a9e7-0001020eed82
Discovery 2005-01-30
Entry 2005-02-13

Mark J Cox reports:

Graham Dumpleton discovered a flaw which can affect anyone using the publisher handle of the Apache Software Foundation mod_python. The publisher handle lets you publish objects inside modules to make them callable via URL. The flaw allows a carefully crafted URL to obtain extra information that should not be visible (information leak).


CVE Name CVE-2005-0088