FKIE_CVE-2010-2477

Vulnerability from fkie_nvd - Published: 2010-11-06 00:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
References
secalert@redhat.comhttp://bitbucket.org/ianb/paste/changeset/fcae59df8b56Patch
secalert@redhat.comhttp://groups.google.com/group/paste-users/browse_thread/thread/3b3fff3dadd0b1e5?pli=1
secalert@redhat.comhttp://groups.google.com/group/pylons-discuss/msg/8c256dc076a408d8?dmode=source&output=gplain
secalert@redhat.comhttp://marc.info/?l=oss-security&m=127785414818815&w=2Patch
secalert@redhat.comhttp://marc.info/?l=oss-security&m=127792576822169&w=2Patch
secalert@redhat.comhttp://pylonshq.com/articles/archives/2010/6/paste_174_released_addresses_xss_security_hole
secalert@redhat.comhttp://secunia.com/advisories/42500
secalert@redhat.comhttp://www.securityfocus.com/bid/41160
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1026-1
af854a3a-2127-422b-91ae-364da2661108http://bitbucket.org/ianb/paste/changeset/fcae59df8b56Patch
af854a3a-2127-422b-91ae-364da2661108http://groups.google.com/group/paste-users/browse_thread/thread/3b3fff3dadd0b1e5?pli=1
af854a3a-2127-422b-91ae-364da2661108http://groups.google.com/group/pylons-discuss/msg/8c256dc076a408d8?dmode=source&output=gplain
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=127785414818815&w=2Patch
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=127792576822169&w=2Patch
af854a3a-2127-422b-91ae-364da2661108http://pylonshq.com/articles/archives/2010/6/paste_174_released_addresses_xss_security_hole
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42500
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/41160
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1026-1
Impacted products
Vendor Product Version
pythonpaste paste *
pythonpaste paste 0.1.0
pythonpaste paste 0.3
pythonpaste paste 0.4.1
pythonpaste paste 0.5
pythonpaste paste 0.9.1
pythonpaste paste 0.9.2
pythonpaste paste 0.9.3
pythonpaste paste 0.9.4
pythonpaste paste 1.0.1
pythonpaste paste 1.1
pythonpaste paste 1.1.1
pythonpaste paste 1.2
pythonpaste paste 1.3
pythonpaste paste 1.4
pythonpaste paste 1.4.2
pythonpaste paste 1.5
pythonpaste paste 1.6
pythonpaste paste 1.7
pythonpaste paste 1.7.1
pythonpaste paste 1.7.2
pythonpaste paste 1.7.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A52C540-0909-4EDE-B753-617261E970CD",
              "versionEndIncluding": "1.7.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68613358-50C2-4211-A210-79FF5D50407E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BD52341-D5FB-4456-B035-58BB1602C794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC4E9B2-251A-4BB9-83C1-56DFE235D533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1FE092E-560C-47F2-90DF-D0DF61338D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "000891AF-51D4-417A-96EF-99FC0CED4227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08035C06-CD68-4AD3-BB94-30E8DA2E4E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A514CCBA-A4A8-4BF3-9139-72B47F48FC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9862C0A5-E199-4329-9855-CC3A8C203AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D53159-E6D1-4FF3-BB11-F7F91F23C6C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "697D8726-59DB-4DD6-8BC1-00C48BA1113D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD6C801-32E6-41C2-BA9A-50FB01D97924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "963F4A2D-C160-4AC7-AEEE-69A2647F13C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAA5051C-7ADC-402A-8529-443A1C1C57D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1519C844-E6AE-4453-B160-508B7423ECF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3DCBFE7-A3C4-4627-89FE-4A2A56A71C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3290471C-2427-43AB-A917-2BDC7C6FF210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "98108B3E-3510-4C99-975A-6CA9FB3D27FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "279F0B5B-585E-47DC-907A-98EA56D669E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAFE30D1-AFC1-4BE4-AA3B-6A295E296D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D9BC80C-690D-4602-B045-AD76A2E23E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pythonpaste:paste:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "464EDF87-4EA8-4039-8A83-18AED9042BB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound."
    },
    {
      "lang": "es",
      "value": "Varias vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la aplicaci\u00f3n paste.httpexceptions en Paste antes de v1.7.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con c\u00f3digo 404, en relaci\u00f3n con (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, y (4) HTTPNotFound."
    }
  ],
  "id": "CVE-2010-2477",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-06T00:00:01.970",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://bitbucket.org/ianb/paste/changeset/fcae59df8b56"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://groups.google.com/group/paste-users/browse_thread/thread/3b3fff3dadd0b1e5?pli=1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://groups.google.com/group/pylons-discuss/msg/8c256dc076a408d8?dmode=source\u0026output=gplain"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=127785414818815\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=127792576822169\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://pylonshq.com/articles/archives/2010/6/paste_174_released_addresses_xss_security_hole"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42500"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/41160"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1026-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bitbucket.org/ianb/paste/changeset/fcae59df8b56"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://groups.google.com/group/paste-users/browse_thread/thread/3b3fff3dadd0b1e5?pli=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://groups.google.com/group/pylons-discuss/msg/8c256dc076a408d8?dmode=source\u0026output=gplain"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=127785414818815\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=127792576822169\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pylonshq.com/articles/archives/2010/6/paste_174_released_addresses_xss_security_hole"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/41160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1026-1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.