[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2014-07-12 Thread Ned Deily
Ned Deily added the comment: See Issue21323 for details of a problem introduced by the original fixes for this problem and now fixed (except for 3.1 which is now end-of-life).
nosy: +ned.deily

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2014-07-12 Thread Roundup Robot
Roundup Robot added the comment:
New changeset d367ea865ea4 by Ned Deily in branch '2.7': Issue #21323: Fix CGIHTTPServer to again handle scripts in CGI subdirectories, http://hg.python.org/cpython/rev/d367ea865ea4
New changeset 4de94641ba3e by Ned Deily in branch '3.2': Issue #21323: Fix http.s

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2013-10-31 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis: nosy: +Arfrever

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2013-10-30 Thread Roundup Robot
Roundup Robot added the comment:
New changeset e4fe8fcaef0d by Benjamin Peterson in branch '2.7': use the collapsed path in the run_cgi method (closes #19435) http://hg.python.org/cpython/rev/e4fe8fcaef0d
New changeset b1ddcb220a7f by Benjamin Peterson in branch '3.1': use the collapsed path in

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2013-10-29 Thread Benjamin Peterson
Benjamin Peterson added the comment: Patch
keywords: +patch
Added file: http://bugs.python.org/file32413/cgi.patch

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2013-10-29 Thread janzert
Changes by janzert: nosy: +janzert

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2013-10-29 Thread Stéphane Glondu
Changes by Stéphane Glondu: nosy: +glondu

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2013-10-29 Thread Barry A. Warsaw
Changes by Barry A. Warsaw: nosy: +barry

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2013-10-29 Thread Christian Heimes
Christian Heimes added the comment: I can confirm the issue:
    $ mkdir www
    $ cd www
    $ cat << EOF > badscript.sh
    #!/bin/sh
    echo hacked
    EOF
    $ chmod +x badscript.sh
    $ ../python -m http.server --cgi
    $ echo "GET ///badscript.sh/../cgi-bin/cgi.sh HTTP/1.1" | nc localhost 8000
    HTTP/1.0 200 Scr

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2013-10-29 Thread STINNER Victor
Changes by STINNER Victor: nosy: +christian.heimes, haypo

[issue19435] Directory traversal attack for CGIHTTPRequestHandler

2013-10-29 Thread Alexander Kruppa
New submission from Alexander Kruppa: An error in separating the path and filename of the CGI script to run in http.server.CGIHTTPRequestHandler allows running arbitrary executables in the directory under which the server was started. The problem is that in CGIHTTPRequestHandler we have: de