VDB-38537 · CVE-2007-4559 · SA26623

Python path traversal

A vulnerability was found in Python. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The CWE definition for the vulnerability is CWE-22. The weakness was disclosed on 08/27/2007 (Website). The advisory is shared at vupen.com. The identification of this vulnerability is CVE-2007-4559. The attack may be initiated remotely. There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. The MITRE ATT&CK project uses the attack technique T1006 for this issue. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation was published before the disclosure of the vulnerability, not after it. The vulnerability is also documented in other vulnerability databases: Secunia (SA26623).

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

138

Field

source_secunia_date: 1
vulnerability_cvss2_nvd_ai: 1
vulnerability_cvss2_nvd_ii: 1
vulnerability_cvss2_nvd_ci: 1
vulnerability_cvss2_nvd_au: 1

Commit Conf

100%: 42
90%: 7
98%: 1

Approve Conf

100%: 42
90%: 7
98%: 1

| ID | Committed | User | Field | Change | Remarks | Accepted | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 2647857 | 04/12/2019 | VulD... | secunia_date | 1188432000 (08/30/2007) | flexerasoftware.com | 04/12/2019 | accepted | 100 |
| 2647835 | 04/12/2019 | VulD... | cvss2_nvd_ai | P | nist.gov | 04/12/2019 | accepted | 100 |
| 2647834 | 04/12/2019 | VulD... | cvss2_nvd_ii | P | nist.gov | 04/12/2019 | accepted | 100 |
| 2647833 | 04/12/2019 | VulD... | cvss2_nvd_ci | P | nist.gov | 04/12/2019 | accepted | 100 |
| 2647832 | 04/12/2019 | VulD... | cvss2_nvd_au | N | nist.gov | 04/12/2019 | accepted | 100 |
| 2647831 | 04/12/2019 | VulD... | cvss2_nvd_ac | M | nist.gov | 04/12/2019 | accepted | 100 |
| 2647830 | 04/12/2019 | VulD... | cvss2_nvd_av | N | nist.gov | 04/12/2019 | accepted | 100 |
| 2647867 | 03/16/2015 | VulD... | cvss3_vuldb_rc | X | see CVSS documentation | 03/16/2015 | accepted | 90 |
| 2647866 | 03/16/2015 | VulD... | cvss3_vuldb_rl | X | see CVSS documentation | 03/16/2015 | accepted | 90 |
| 2647865 | 03/16/2015 | VulD... | cvss3_vuldb_e | P | see CVSS documentation | 03/16/2015 | accepted | 90 |
| 2647864 | 03/16/2015 | VulD... | cvss2_vuldb_rc | ND | see CVSS documentation | 03/16/2015 | accepted | 90 |
| 2647863 | 03/16/2015 | VulD... | cvss2_vuldb_rl | ND | see CVSS documentation | 03/16/2015 | accepted | 90 |
| 2647862 | 03/16/2015 | VulD... | cvss2_vuldb_e | POC | see CVSS documentation | 03/16/2015 | accepted | 90 |
| 2647861 | 03/16/2015 | VulD... | location | Website | | 03/16/2015 | accepted | 90 |
| 2647860 | 03/16/2015 | VulD... | vupen | ADV-2007-3022 | | 03/16/2015 | accepted | 100 |
| 2647859 | 03/16/2015 | VulD... | secunia_risk | Less Critical | flexerasoftware.com | 03/16/2015 | accepted | 100 |
| 2647858 | 03/16/2015 | VulD... | secunia_title | Python tarfile Module Directory Traversal and Symlink Vulnerability | flexerasoftware.com | 03/16/2015 | accepted | 100 |
| 2647856 | 03/16/2015 | VulD... | secunia | 26623 | flexerasoftware.com | 03/16/2015 | accepted | 100 |
| 2647855 | 03/16/2015 | VulD... | cve_nvd_summary | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. | cve.org | 03/16/2015 | accepted | 100 |
| 2647854 | 03/16/2015 | VulD... | cve_nvd_published | 1188172800 | cve.org | 03/16/2015 | accepted | 100 |

30 more entries are not shown
