These servers lack robust security checks and are prone to:

Information Disclosure
A straightforward HTTP GET to a server might return a response that, tucked among its headers, reveals more than intended.
method on Linux allows for arbitrary code execution via insecure pickle deserialization.

Command Injection (CVE-2015-20107) wsgiserver 0.2 cpython 3.10.4 exploit
wsgiserver 0.2 uses primitive string splitting routines to parse HTTP headers. CPython 3.10.4 relies on strict, updated rules for handling control characters in strings and byte streams.
If the application uses pickle to handle session data or object serialization, it is highly susceptible to RCE. An attacker can craft a malicious pickle payload that executes a reverse shell when "unpickled" by the server.

Security Implications and Remediation
This is the built-in reference server provided by Python’s wsgiref.simple_server module. It is explicitly documented as not being production-ready due to performance and security limitations.
decorators, allowing a login bypass, and then permits unauthenticated command injection via a parameter in a POST request to /run_command/

Proof of Concept:

    POST /run_command/ HTTP/1.1
    ...
    command=whoami

Cross-Site Scripting (XSS)

Vulnerability:
Improper sanitization of the URL path in the WSGI implementation.