This vulnerability allows a remote attacker to read arbitrary files from the host operating system by sending a crafted HTTP request with "dot-dot-slash" ( ../ ) sequences.
Look for:
To mitigate this vulnerability, users of WSGIServer 0.2 with CPython 3.10.4 should:
If the application or server uses native string matching incorrectly, catastrophic backtracking can be induced by crafted input strings.
3. Vulnerability Verification and Enumeration
8000/tcp open http WSGIServer 0.2 (Python 3.10.4)
Mitigation and Best Practices
If you have discovered this combination in your environment during a vulnerability scan or penetration test, immediate remediation is required.
1. Upgrade the WSGI Server
Legacy WSGI servers often use primitive string splitting or regex to parse incoming HTTP/1.1 requests.
An attacker can open multiple connections to the server and send HTTP headers extremely slowly.
An issue in the IDNA codec implementation allows an attacker to cause a Denial of Service (DoS) via micro-architecture resource exhaustion by sending specifically crafted domain names.