CherryPy < 2.1.1 staticfilter Directory Traversal Arbitrary File Access
Medium Nessus Network Monitor Plugin ID 3442
Synopsis
The remote host is vulnerable to a directory traversal flaw.
Description
The remote host is running CherryPy, a web-based content management system written in Python. This version of CherryPy is vulnerable to a directory traversal flaw. An attacker exploiting this flaw would send a malformed query to the application. Successful exploitation would allow the attacker to access confidential data outside of the web root directory.
Solution
Upgrade to version 2.1.1 or higher.