Full title: Python CGIHTTPServer Encoded Path Traversal Vulnerability 
Category: web applications
Platform: multiple
The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root.

# 0day.today @ http://0day.today/