• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Apache mod_python Module Publisher Handler Information Disclosure Vulnerability

Severity: MODERATE

Description:

Apache's mod_python is a module that allows the webserver to interpret Python scripts. The module supports Apache 1.3.x and 2.x and is available for Windows, Linux, and most UNIX systems.

The mod_python publisher can be used to map URL information directly into a Python module and function. Path information is used to locate the appropriate module and directory, and CGI parameters are passed as function parameters.

The mod_python module publisher handler is prone to a remote information-disclosure vulnerability. This issue may allow remote unauthorized attackers to gain access to sensitive objects. Specifically, an attacker can carry out this attack by issuing a malformed URI request that discloses the objects.

Information that attackers gain by exploiting this issue may help them launch further attacks against an affected server.

All versions of mod_python are considered vulnerable at the moment.

Affected Products:

• Conectiva Linux 10.0.0
• Conectiva Linux 7.0.0
• Conectiva Linux 8.0.0
• Conectiva Linux 9.0.0
• Conectiva Linux Enterprise Edition 1.0.0
• Debian Linux 3.0.0
• Debian Linux 3.0.0 alpha
• Debian Linux 3.0.0 arm
• Debian Linux 3.0.0 hppa
• Debian Linux 3.0.0 ia-32
• Debian Linux 3.0.0 ia-64
• Debian Linux 3.0.0 m68k
• Debian Linux 3.0.0 mips
• Debian Linux 3.0.0 mipsel
• Debian Linux 3.0.0 ppc
• Debian Linux 3.0.0 s/390
• Debian Linux 3.0.0 sparc
• Gentoo Linux
• Gregory Trubetskoy mod_python 2.7.0
• Gregory Trubetskoy mod_python 2.7.1
• Gregory Trubetskoy mod_python 2.7.10
• Gregory Trubetskoy mod_python 2.7.2
• Gregory Trubetskoy mod_python 2.7.3
• Gregory Trubetskoy mod_python 2.7.4
• Gregory Trubetskoy mod_python 2.7.5
• Gregory Trubetskoy mod_python 2.7.6
• Gregory Trubetskoy mod_python 2.7.7
• Gregory Trubetskoy mod_python 2.7.8
• Gregory Trubetskoy mod_python 2.7.9
• Gregory Trubetskoy mod_python 3.0.0
• Gregory Trubetskoy mod_python 3.0.1
• Gregory Trubetskoy mod_python 3.0.2
• Gregory Trubetskoy mod_python 3.0.3
• Gregory Trubetskoy mod_python 3.0.4
• Gregory Trubetskoy mod_python 3.1.3
• RedHat Advanced Workstation for the Itanium Processor 2.1.0
• RedHat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• RedHat Desktop 3.0.0
• RedHat Enterprise Linux AS 2.1
• RedHat Enterprise Linux AS 2.1 IA64
• RedHat Enterprise Linux AS 3
• RedHat Enterprise Linux ES 2.1
• RedHat Enterprise Linux ES 2.1 IA64
• RedHat Enterprise Linux ES 3
• RedHat Enterprise Linux WS 2.1
• RedHat Enterprise Linux WS 2.1 IA64
• RedHat Enterprise Linux WS 3
• RedHat Fedora Core1
• RedHat Fedora Core2
• RedHat Fedora Core3
• RedHat Linux 7.2.0
• RedHat Linux 7.2.0 i386
• RedHat Linux 7.2.0 i586
• RedHat Linux 7.2.0 i686
• RedHat Linux 7.2.0 ia64
• RedHat Linux 7.3.0
• RedHat Linux 7.3.0 i386
• RedHat Linux 7.3.0 i686
• RedHat Linux 9.0.0 i386
• SGI ProPack 3.0.0
• Trustix Secure Enterprise Linux 2.0.0
• Trustix Secure Linux 1.5.0
• Trustix Secure Linux 2.1.0
• Trustix Secure Linux 2.2.0
• Ubuntu Ubuntu Linux 4.1.0 ia32
• Ubuntu Ubuntu Linux 4.1.0 ia64
• Ubuntu Ubuntu Linux 4.1.0 ppc

References:

• Apache Software Foundation: Apache mod_python Product Page
• RedHat: RHSA-2005:104-03 - Updated mod_python package fixes security issue

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.