Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026
CVE-2005-0089
CVE-2005-0089
Description
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
Affected products
2cpe:2.3:a:python:python:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*range: <2.3.5
- cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- python.org/security/PSF-2005-001/patch-2.2.txtnvdBroken LinkPatch
- www.debian.org/security/2005/dsa-666nvdPatchThird Party Advisory
- www.python.org/security/PSF-2005-001/nvdBroken LinkPatchVendor Advisory
- marc.infonvdMailing ListThird Party Advisory
- securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.mandriva.com/security/advisoriesnvdBroken LinkThird Party Advisory
- www.redhat.com/support/errata/RHSA-2005-108.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/12437nvdThird Party AdvisoryVDB Entry
- www.trustix.org/errata/2005/0003/nvdThird Party Advisory
- secunia.com/advisories/14128nvdBroken Link
- exchange.xforce.ibmcloud.com/vulnerabilities/19217nvdVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9811nvdBroken Link
News mentions
0No linked articles in our index yet.