CVE-2006-0847

N/A Unknown

Published: February 22, 2006 Modified: April 16, 2026

Description

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://groups.google.com/group/cherrypy-announce/browse_thread/thread/92b2972f774fe6df/2f63afc9433dc306#2f63afc9433dc306

Source: cve@mitre.org

Patch

http://secunia.com/advisories/18944

Source: cve@mitre.org

http://secunia.com/advisories/20344

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=384316&group_id=56099

Source: cve@mitre.org

http://www.cherrypy.org/

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200605-16.xml

Source: cve@mitre.org

http://www.securityfocus.com/bid/16760

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2006/0677

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/24809

Source: cve@mitre.org

http://groups.google.com/group/cherrypy-announce/browse_thread/thread/92b2972f774fe6df/2f63afc9433dc306#2f63afc9433dc306