The "WSGIServer/0.2 CPython/3.10.4" header frequently indicates a directory traversal vulnerability (CVE-2021-40978) in MkDocs 1.2.2, allowing for arbitrary file read via traversal sequences. Other potential vulnerabilities in this environment include CVE-2022-0391 (CRLF injection) and CVE-2021-28861 (open redirection). For technical details, see the CVE-2021-40978 GitHub repository Red Hat Customer Portal CVE-2022-0391 - Red Hat Customer Portal
Some configurations or specific versions of apps served via WSGIServer are vulnerable to directory traversal, allowing an attacker to read files outside the intended web root. wsgiserver 02 cpython 3104 exploit
In some lab environments (like "TheSystem"), the WSGIServer 0.2 environment has been shown to be vulnerable to command injection via POST requests to specific endpoints like /run_command/ Resource Exhaustion: Vulnerabilities in related components, such as waitress@0.2 , can lead to high CPU usage or denial of service if socket connections are handled improperly. Exploit-DB Context in Penetration Testing If you are seeing this banner during a scan: Enumerate Endpoints: Check for common paths like /run_command Test for Traversal: Attempt to read /etc/passwd (Linux) or C:\Windows\win.ini (Windows) using encoded traversal strings. Check for File Uploads: The "WSGIServer/0