Many old WSGI servers trusted user-supplied PATH_INFO without normalization. An exploit might use ..%2f sequences to access files outside the document root if the application serves static files through the WSGI stack.
The application receives the request and uses the flawed urlsplit function in Python 3.10.4 to check whether the destination is safe. Due to CVE-2023-24329, the validation check passes.
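A defensive counterpart to the check described above, added here as an example (it is not code from the original page or from any project it names): a destination validator that rejects blank and control characters itself instead of relying on how urlsplit treats them, so its result does not depend on the interpreter version. The allow-list host app.example.test and both function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hypothetical allow-list for this example.
ALLOWED_HOSTS = frozenset({"app.example.test"})


def naive_is_safe(url: str) -> bool:
    """Pattern at risk from CVE-2023-24329: trusts urlsplit on raw input.

    On interpreters without the fix, a URL with a leading blank character
    parses with an empty scheme and netloc, so it looks like a relative path.
    The result for such input differs between interpreter versions.
    """
    parts = urlsplit(url)
    return not parts.netloc or parts.hostname in ALLOWED_HOSTS


def is_safe_destination(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only site-relative paths or http(s) URLs to allow-listed hosts."""
    if not isinstance(url, str) or not url:
        return False
    # Reject (do not strip) spaces, C0 controls and DEL anywhere in the value,
    # so the decision never depends on urlsplit's whitespace handling.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    # Browsers treat "\" like "/", which can turn a path into a host.
    if "\\" in url:
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative form: exactly one leading slash ("//host" is scheme-relative).
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    return parts.hostname in allowed_hosts


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["/dashboard", " https://evil.example.test/",
                      "https://app.example.test/x", "//evil.example.test/"]:
        print(repr(candidate), is_safe_destination(candidate))
```
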
Older WSGI server iterations occasionally mishandle URL decoding.
The exploit in question takes advantage of a vulnerability in WSGIServer 0.2, which allows an attacker to execute arbitrary code on the server. This is achieved by sending a specially crafted HTTP request to the server, which is then processed by the WSGIServer 0.2 module. The vulnerability arises from the lack of proper input validation and sanitization in the module.
The "wsgiserver 02" in your keyword likely refers to a version or revision of CherryPy’s internal HTTP server, which was widely used before CherryPy adopted Cheroot as its standalone WSGI server.
The attacker scans the target application and identifies the server banner or infers the use of CPython 3.10.4 through error messages or response headers.