Vigil@nce: Python, source code disclosure via CGIHTTPServer
May 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send a special query to Python CGIHTTPServer in
order to read the source code of cgi scripts.
– Severity: 2/4
– Creation date: 06/05/2011
IMPACTED PRODUCTS
– Microsoft Windows - platform
– Red Hat Enterprise Linux
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The CGIHTTPServer module of Python is used to generate web pages
via CGI scripts.
The is_cgi() function of the Lib/CGIHTTPServer.py file decides
whether the path given as argument is a CGI script, that is,
whether the file has to be interpreted as a script or can be
returned directly to the user. To do so, this function checks
whether the beginning of the path is one of the directories
containing scripts (self.cgi_directories). For example,
"/cgi-bin/myscript" starts with "/cgi-bin" and is thus recognized
as a CGI script.
However, if the attacker uses "cgi-bin/myscript" (without the
leading slash), the is_cgi() function indicates that it is not a
script. The module thus directly returns the content of the
"myscript" file to the user.
An attacker can therefore send a special query to Python
CGIHTTPServer in order to read the source code of cgi scripts.
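The prefix check described above, modelled next to a hardened
variant that canonicalises the path before comparing. This is an
added example, not code from Lib/CGIHTTPServer.py or from the
bulletin; the function names, CGI_DIRECTORIES and the sample
paths are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed configuration: the bulletin names "/cgi-bin" as a script directory.
CGI_DIRECTORIES = ["/cgi-bin"]


def is_cgi_raw(path, cgi_dirs=CGI_DIRECTORIES):
    """Model of the flawed check: compare the raw request path to each prefix."""
    for d in cgi_dirs:
        if path == d or path.startswith(d + "/"):
            return True
    return False


def canonical_path(path):
    """Reduce a request path to one canonical form with a single leading slash."""
    path = path.split("?", 1)[0]            # drop the query string
    path = unquote(path)                    # decode %xx escapes once
    return posixpath.normpath("/" + path.lstrip("/"))  # collapse //, ./ and ../


def is_cgi_hardened(path, cgi_dirs=CGI_DIRECTORIES):
    """Classify the canonical path, so spelling variants cannot dodge the check."""
    return is_cgi_raw(canonical_path(path), cgi_dirs)


def audit(paths):
    """Return paths the raw check would treat as static files although they
    resolve inside a script directory (the mismatch the bulletin describes)."""
    return [p for p in paths if not is_cgi_raw(p) and is_cgi_hardened(p)]


if __name__ == "__main__":
    # Constructed request paths, not taken from real traffic.
    samples = ["/cgi-bin/myscript", "cgi-bin/myscript", "/index.html", "/cgi-binary/x"]
    for p in samples:
        print(f"{p!r:24} raw={is_cgi_raw(p)!s:5} hardened={is_cgi_hardened(p)}")
    print("misclassified:", audit(samples))
```

The same canonical path has to be used both for the script/static
decision and for locating the file on disk; otherwise the two
steps can still disagree.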
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Python-source-code-disclosure-via-CGIHTTPServer-10621