CNNVD-ID | CNNVD-201909-1296 | CVE ID | CVE-2019-16935 |
Published | 2019-09-27 | Updated | 2021-01-29 |
Vulnerability type | Cross-site scripting | Vulnerability source | N/A |
Severity | Medium | Threat type | Remote |
Vendor | N/A |
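Python is an open-source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and runs on multiple platforms. The documentation XML-RPC server is an XML-RPC (a remote procedure call protocol for distributed computing) server included with it.
The documentation XML-RPC server in Python 2.7.16 and earlier, 3.x through 3.6.9, and 3.7.x through 3.7.4 has a cross-site scripting vulnerability. The vulnerability stems from the web application's lack of proper validation of client-supplied data. An attacker can exploit this vulnerability to execute client-side code.
The vendor has released an upgrade patch that fixes the vulnerability. For details, see the vendor's home page: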
https://www.python.org