CherryPy Security Update

by Jeremy Jones

According to the link above, the vulnerability allowed clients to retrieve any file on the server's filesystem that the CherryPy server process had privileges to read, by requesting URLs containing "..". If you're running CherryPy, you probably want to update ASAP.
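To make the bug class concrete, here is an added example (not CherryPy's code or its actual fix) contrasting a static-file path lookup that trusts ".." with one that resolves the path and checks it stays under the served root. The names `resolve_naive`, `resolve_safe`, the `static` directory and the sample requests are all constructed for illustration; it also covers the percent-encoded form of "..", which goes slightly beyond what the advisory summary mentions.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_naive(root, url_path):
    """Vulnerable pattern: map the URL path onto the root with no containment check."""
    return os.path.normpath(os.path.join(root, unquote(url_path).lstrip("/")))


def resolve_safe(root, url_path):
    """Return the real path of the requested file, or None if it leaves root."""
    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks before the comparison is made.
    candidate = os.path.realpath(os.path.join(root_real, unquote(url_path).lstrip("/")))
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None


def demo():
    """Build a constructed directory tree and compare both resolvers on sample requests."""
    requests = ["/index.html", "/../secret.txt", "/css/../../secret.txt", "/%2e%2e/secret.txt"]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        root = os.path.join(base, "static")  # hypothetical static-file root
        os.mkdir(root)
        with open(os.path.join(root, "index.html"), "w") as f:
            f.write("public")
        with open(os.path.join(base, "secret.txt"), "w") as f:
            f.write("not for clients")
        for path in requests:
            naive = resolve_naive(root, path)
            # "leaked" means the naive lookup found a real file outside the root.
            leaked = os.path.isfile(naive) and not naive.startswith(root + os.sep)
            results[path] = (leaked, resolve_safe(root, path) is not None)
    return results


if __name__ == "__main__":
    for path, (leaked, served) in demo().items():
        print(f"{path!r}: naive leaks outside root={leaked}, safe serves={served}")
```

The containment check is done on the fully resolved path rather than by searching the request string for "..", so encoded variants and symlinks are handled by the same comparison.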

For those of you who don't know what CherryPy is, it's a web application development framework. From the CherryPy website:

CherryPy is a pythonic, object-oriented web development framework. It provides the foundation over which complex web-based applications can be written, with little or no knowledge of the underlying protocols. CherryPy allows developers to build web applications in much the same way they would build any other object-oriented Python program. This usually results in smaller source code developed in less time.


2006-01-10 16:41:29
I can't believe this happened. Oldest trick in the book.