2 matches found
DEBIAN-CVE-2011-4940
The listdirectory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting XSS...
Python SimpleHTTPServer vulnerable to cross-site scripting
Overview The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Keigo Yamazaki of Little eArth Corporation Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script...