CVE-2010-2477
Published Nov 6, 2010
Last updated 14 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pythonpaste:paste:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A52C540-0909-4EDE-B753-617261E970CD",
"versionEndIncluding": "1.7.3.1"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:0.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68613358-50C2-4211-A210-79FF5D50407E"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BD52341-D5FB-4456-B035-58BB1602C794"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:0.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFC4E9B2-251A-4BB9-83C1-56DFE235D533"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1FE092E-560C-47F2-90DF-D0DF61338D5F"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:0.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "000891AF-51D4-417A-96EF-99FC0CED4227"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:0.9.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08035C06-CD68-4AD3-BB94-30E8DA2E4E5B"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:0.9.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A514CCBA-A4A8-4BF3-9139-72B47F48FC66"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:0.9.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9862C0A5-E199-4329-9855-CC3A8C203AD2"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36D53159-E6D1-4FF3-BB11-F7F91F23C6C4"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "697D8726-59DB-4DD6-8BC1-00C48BA1113D"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FD6C801-32E6-41C2-BA9A-50FB01D97924"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "963F4A2D-C160-4AC7-AEEE-69A2647F13C3"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAA5051C-7ADC-402A-8529-443A1C1C57D6"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1519C844-E6AE-4453-B160-508B7423ECF2"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3DCBFE7-A3C4-4627-89FE-4A2A56A71C12"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3290471C-2427-43AB-A917-2BDC7C6FF210"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98108B3E-3510-4C99-975A-6CA9FB3D27FA"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "279F0B5B-585E-47DC-907A-98EA56D669E2"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAFE30D1-AFC1-4BE4-AA3B-6A295E296D3B"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D9BC80C-690D-4602-B045-AD76A2E23E73"
},
{
"criteria": "cpe:2.3:a:pythonpaste:paste:1.7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "464EDF87-4EA8-4039-8A83-18AED9042BB5"
}
],
"operator": "OR"
}
]
}
]