Content-Type Bypass Vulnerability in Bottle 0.10.x - 0.12.x

Content-Type Bypass Vulnerability in Bottle 0.10.x - 0.12.x

CVE-2014-3137 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.

Learn more about our Web Application Penetration Testing UK.