Computer Security
[EN] securityvulns.ru no-pyccku


python security vulnerabilities
Published:25.05.2011
Source:
SecurityVulns ID:11688
Type:library
Threat Level:
5/10
Description:Source code leakage in CGIHTTPServer, local files acces in urllib.
Affected:PYTHON : python 2.5
 PYTHON : python 2.6
 PYTHON : python 3.0
CVE:CVE-2011-1521 (The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.)
 CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.)
Original documentdocumentMANDRIVA, [ MDVSA-2011:096 ] python (25.05.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod