Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2011-4940HistoryJun 27, 2012 - 10:18 a.m.
CVE-2011-4940
2012-06-2710:18:36
Debian Security Bug Tracker
security-tracker.debian.org
16
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS
0.004
Percentile
74.3%
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | python2.7 | < 2.7.2-8 | python2.7_2.7.2-8_all.deb |
Related
veracode
veracode
Cross-site Scripting (XSS)
2019-01-15 08:52:09
Information Disclosure
2019-05-02 04:41:53
Denial Of Service (DoS)
2019-05-02 04:41:53
seebug
seebug
Python SimpleHTTPServer 'list_directory()'函数跨站脚本漏洞
2012-06-23 00:00:00
jvn
jvn
JVN#51176027: Python SimpleHTTPServer vulnerable to cross-site scripting
2012-06-19 00:00:00
cvelist
cvelist
CVE-2011-4940
2012-06-27 10:00:00
nvd
nvd
CVE-2011-4940
2012-06-27 10:18:36
CVE-2012-2639
2012-06-26 10:23:42
prion
prion
Cross site scripting
2012-06-27 10:18:00
openvas
openvas
Python < 2.5.6, 2.6.x < 2.6.7, 2.7.x < 2.7.2, 3.2.x < 3.2.4, 3.3.x < 3.3.1 SimpleHTTPServer UTF-7 (bpo-11442) - Linux
2021-11-01 00:00:00
RedHat Update for python RHSA-2012:0745-01
2012-06-19 00:00:00
RedHat Update for python RHSA-2012:0745-01
2012-06-19 00:00:00
cve
cve
CVE-2011-4940
2012-06-27 10:18:36
CVE-2012-2639
2012-06-26 10:23:42
ubuntucve
ubuntucve
CVE-2011-4940
2012-06-27 00:00:00
nessus
nessus
Oracle Linux 5 : python (ELSA-2012-0745)
2013-07-12 00:00:00
CentOS 5 : python (CESA-2012:0745)
2012-06-19 00:00:00
RHEL 5 : python (RHSA-2012:0745)
2012-06-19 00:00:00
redhat
redhat
(RHSA-2012:0745) Moderate: python security update
2012-06-18 00:00:00
(RHSA-2012:0744) Moderate: python security update
2012-06-18 00:00:00
centos
centos
python, tkinter security update
2012-06-18 13:11:45
python, tkinter security update
2012-06-18 16:35:36
amazon
amazon
Low: python26
2012-07-05 16:16:00
oraclelinux
oraclelinux
python security update
2012-06-18 00:00:00
python security update
2012-06-18 00:00:00
ubuntu
ubuntu
Python 2.7 vulnerabilities
2012-10-02 00:00:00
Python 2.6 vulnerabilities
2012-10-04 00:00:00
Python 2.5 vulnerabilities
2012-10-17 00:00:00
securityvulns
securityvulns
python multiple security vulnerabilities
2012-07-29 00:00:00
[ MDVSA-2012:096-1 ] python
2012-07-09 00:00:00
f5
f5
debian
debian
[DLA 25-1] python2.6 security update
2014-07-31 21:07:32
osv
osv
python2.6 - security update
2014-07-31 00:00:00
vmware
vmware
VMware security updates for vSphere API and ESX Service Console
2012-11-15 00:00:00
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS
0.004
Percentile
74.3%
Related for DEBIANCVE:CVE-2011-4940