What is the severity of CVE-2014-3137?

CVE-2014-3137 is considered moderate as it allows remote attackers to bypass access restrictions.

How do I fix CVE-2014-3137?

To fix CVE-2014-3137, upgrade Bottle to version 0.12.6, 0.11.7, or 0.10.12 or later.

Which versions of Bottle are affected by CVE-2014-3137?

CVE-2014-3137 affects Bottle versions 0.10.x prior to 0.10.12, 0.11.x prior to 0.11.7, and 0.12.x prior to 0.12.6.

What type of vulnerability is CVE-2014-3137?

CVE-2014-3137 is a content type validation vulnerability.

Can exploit CVE-2014-3137 result in unauthorized access?

Yes, exploit of CVE-2014-3137 can lead to unauthorized access by bypassing intended content type restrictions.

Vulnerability/
CVE-2014-3137

critical

9.8

CWE

1/5/2014

25/10/2014

17/5/2022

13/9/2024

CVE-2014-3137: Input Validation

First published: Thu May 01 2014(Updated: )

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
pip/bottle	>=0.12.0<0.12.6	0.12.6
pip/bottle	>=0.11.0<0.11.7	0.11.7
pip/bottle	>=0.10.0<0.10.12	0.10.12
Bottle	=0.10.0
Bottle	=0.10.1
Bottle	=0.10.2
Bottle	=0.10.3
Bottle	=0.10.4
Bottle	=0.10.5
Bottle	=0.10.6
Bottle	=0.10.7
Bottle	=0.10.8
Bottle	=0.10.9
Bottle	=0.10.10
Bottle	=0.10.11
Bottle	=0.11.0
Bottle	=0.11.1
Bottle	=0.11.2
Bottle	=0.11.3
Bottle	=0.11.4
Bottle	=0.11.5
Bottle	=0.11.6
Bottle	=0.11.7
Bottle	=0.12.0
Bottle	=0.12.1
Bottle	=0.12.2
Bottle	=0.12.3
Bottle	=0.12.4
Bottle	=0.12.5

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1093255

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3137?
CVE-2014-3137 is considered moderate as it allows remote attackers to bypass access restrictions.
How do I fix CVE-2014-3137?
To fix CVE-2014-3137, upgrade Bottle to version 0.12.6, 0.11.7, or 0.10.12 or later.
Which versions of Bottle are affected by CVE-2014-3137?
CVE-2014-3137 affects Bottle versions 0.10.x prior to 0.10.12, 0.11.x prior to 0.11.7, and 0.12.x prior to 0.12.6.
What type of vulnerability is CVE-2014-3137?
CVE-2014-3137 is a content type validation vulnerability.
Can exploit CVE-2014-3137 result in unauthorized access?
Yes, exploit of CVE-2014-3137 can lead to unauthorized access by bypassing intended content type restrictions.

agent/author
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-3137
agent/remedy
agent/weakness
agent/description
agent/event
collector/github-advisory-latest
source/GitHub
alias/GHSA-873q-wpqr-xfgw
agent/software-canonical-lookup
agent/references
agent/severity
agent/last-modified-date
collector/github-advisory
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
package-manager/pip
vendor/bottlepy
canonical/bottle
version/bottle/0.10.0
version/bottle/0.10.1
version/bottle/0.10.2
version/bottle/0.10.3
version/bottle/0.10.4
version/bottle/0.10.5
version/bottle/0.10.6
version/bottle/0.10.7
version/bottle/0.10.8
version/bottle/0.10.9
version/bottle/0.10.10
version/bottle/0.10.11
version/bottle/0.11.0
version/bottle/0.11.1
version/bottle/0.11.2
version/bottle/0.11.3
version/bottle/0.11.4
version/bottle/0.11.5
version/bottle/0.11.6
version/bottle/0.11.7
version/bottle/0.12.0
version/bottle/0.12.1
version/bottle/0.12.2
version/bottle/0.12.3
version/bottle/0.12.4
version/bottle/0.12.5