Test ID:	1.3.6.1.4.1.25623.1.0.844064
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4030-1)
Summary:	The remote host is missing an update for the 'web2py' package(s) announced via the USN-4030-1 advisory.
Description:	Summary: The remote host is missing an update for the 'web2py' package(s) announced via the USN-4030-1 advisory. Vulnerability Insight: It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321) It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could possibly use this issue to gain administrative access. (CVE-2016-3952) It was discovered that web2py uses a hardcoded encryption key. An attacker could possibly use this issue to execute arbitrary code. (CVE-2016-3953, CVE-2016-3954, CVE-2016-3957) Affected Software/OS: 'web2py' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10321 https://usn.ubuntu.com/4030-1/ Common Vulnerability Exposure (CVE) ID: CVE-2016-3952 https://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/ Common Vulnerability Exposure (CVE) ID: CVE-2016-3953 https://github.com/web2py/web2py/blob/R-2.14.1/applications/examples/models/session.py Common Vulnerability Exposure (CVE) ID: CVE-2016-3954 Common Vulnerability Exposure (CVE) ID: CVE-2016-3957 https://github.com/web2py/web2py/blob/R-2.14.1/gluon/utils.py#L200
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.