Lucene search

K
cve[email protected]CVE-2011-1521
HistoryMay 24, 2011 - 11:55 p.m.

CVE-2011-1521

2011-05-2423:55:02
CWE-399
web.nvd.nist.gov
149
python
urllib
urllib2
vulnerability
cve-2011-1521
nvd
information security

7.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.136 Low

EPSS

Percentile

95.6%

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Affected configurations

NVD
Node
pythonpythonMatch2.0
OR
pythonpythonMatch2.0.1
OR
pythonpythonMatch2.1
OR
pythonpythonMatch2.1.1
OR
pythonpythonMatch2.1.2
OR
pythonpythonMatch2.1.3
OR
pythonpythonMatch2.2
OR
pythonpythonMatch2.2.1
OR
pythonpythonMatch2.2.2
OR
pythonpythonMatch2.2.3
OR
pythonpythonMatch2.3.1
OR
pythonpythonMatch2.3.2
OR
pythonpythonMatch2.3.3
OR
pythonpythonMatch2.3.4
OR
pythonpythonMatch2.3.5
OR
pythonpythonMatch2.3.7
OR
pythonpythonMatch2.4.1
OR
pythonpythonMatch2.4.2
OR
pythonpythonMatch2.4.3
OR
pythonpythonMatch2.4.4
OR
pythonpythonMatch2.4.6
OR
pythonpythonMatch2.5.1
OR
pythonpythonMatch2.5.2
OR
pythonpythonMatch2.5.3
OR
pythonpythonMatch2.5.4
OR
pythonpythonMatch2.6.1
OR
pythonpythonMatch2.6.4
OR
pythonpythonMatch2.6.5
OR
pythonpythonMatch2.6.6
OR
pythonpythonMatch2.6.7
OR
pythonpythonMatch2.7.1
Node
pythonpythonMatch3.0
OR
pythonpythonMatch3.0.1
OR
pythonpythonMatch3.1
OR
pythonpythonMatch3.1.1
OR
pythonpythonMatch3.1.2
OR
pythonpythonMatch3.1.3
OR
pythonpythonMatch3.2
OR
pythonpythonMatch3.2alpha

References

7.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.136 Low

EPSS

Percentile

95.6%