python python CVE-2014-4650 in Python and Red Hat Products
Published on February 20, 2020

product logo product logo
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

Vendor Advisory NVD


Products Associated with CVE-2014-4650

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2014-4650 are published in these products:

Python
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Software Collections
 

Exploit Probability

EPSS
6.02%
Percentile
90.59%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.