
124 matches found

Ubuntu
added 2012/10/02 7:53 p.m., 128 views

USN-1592-1: Python 2.7 vulnerabilities

Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. CVE-2011-1521 It was...

CVSS 6.4, AI score 7.1, EPSS 0.02773
Exploits: 7

Tenable Nessus
added 2012/08/01 12:0 a.m., 32 views

Scientific Linux Security Update : python on SL5.x i386/x86_64 (20120618)

Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent...

CVSS 5, AI score 7, EPSS 0.01741
Exploits: 5, References: 4

Amazon
added 2012/07/05 12:0 a.m., 34 views

Low: python26

Issue Overview: A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting da...

CVSS 5, AI score 8.2, EPSS 0.02773
Exploits: 7, References: 1

OSV
added 2012/06/27 10:18 a.m., 1 views

DEBIAN-CVE-2011-4940

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...

CVSS 2.6, AI score 6, EPSS 0.00274
Exploits: 1, References: 1

NVD
added 2012/06/27 10:18 a.m., 18 views

CVE-2011-4940

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...

CVSS 2.6, AI score 5.9, EPSS 0.00274
Exploits: 1, References: 12

Prion
added 2012/06/27 10:18 a.m., 22 views

Cross site scripting

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...

CVSS 2.6, AI score 5.9, EPSS 0.00274
Exploits: 1, References: 12, Affected Software: 1

OSV
added 2012/06/27 10:0 a.m., 8 views

PSF-2012-1 SimpleHTTPServer UTF-7

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...

CVSS 2.6, AI score 5.4, EPSS 0.00274
Exploits: 1, References: 1

Debian CVE
added 2012/06/27 10:0 a.m., 32 views

CVE-2011-4940

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...

CVSS 2.6, AI score 6.6, EPSS 0.00274
Exploits: 1

Cvelist
added 2012/06/27 10:0 a.m., 29 views

CVE-2011-4940

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...

AI score 5.3, EPSS 0.00274
Exploits: 1, References: 12

CVE
added 2012/06/27 10:0 a.m., 273 views

CVE-2011-4940

In CVE-2011-4940, the list_directory function in Lib/SimpleHTTPServer.py used by Python’s SimpleHTTPServer does not add a charset parameter in the Content-Type header. This enables cross-site scripting (XSS) in Internet Explorer 7 via UTF-7 encoding. Affected are Python SimpleHTTPServer implement...

CVSS 2.6, AI score 6.8, EPSS 0.00274
Exploits: 1, References: 12, Affected Software: 1

UbuntuCve
added 2012/06/27 12:0 a.m., 49 views

CVE-2011-4940

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...

CVSS 2.6, AI score 6.9, EPSS 0.00274
Exploits: 1, References: 6

seebug.org
added 2012/06/23 12:0 a.m., 63 views

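Python SimpleHTTPServer 'list_directory()' function cross-site scripting vulnerability

Bugtraq ID: 54083 CVE ID: CVE-2011-4940 Python SimpleHTTPServer is a simple HTTP server program that supports uploads. Because the Python SimpleHTTPServer listdirectory function lacks a charset parameter, attackers can exploit the vulnerability to conduct cross-site scripting attacks and may obtain sensitive information or hijack user sessions. 0 Python 2.6.5 Python 2.6.2 Python 2.5.5 Python 2.5.3 Python 2.5.2 -r6 Python 2.5.2 Python 2.5.1 Python 2.5.5c2 Python 2.5 Vendor patch:...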

CVSS 2.6, EPSS 0.00274
Exploits: 1

OpenVAS
added 2012/06/22 12:0 a.m., 33 views

Mandriva Update for python MDVSA-2012:096 (python)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5, AI score 6.3, EPSS 0.03832
Exploits: 11, References: 2

OpenVAS
added 2012/06/22 12:0 a.m., 51 views

Mandriva Update for python MDVSA-2012:096 (python)

Check for the Version of python OpenVAS Vulnerability Test Mandriva Update for python MDVSA-2012:096 python Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

CVSS 5, AI score 8, EPSS 0.03832
Exploits: 11, References: 2

Tenable Nessus
added 2012/06/20 12:0 a.m., 53 views

CentOS 6 : python (CESA-2012:0744)

Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 5, AI score 7.1, EPSS 0.02773
Exploits: 7, References: 5

Japan Vulnerability Notes
added 2012/06/19 5:38 a.m., 1 views

Python SimpleHTTPServer vulnerable to cross-site scripting

Overview The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Keigo Yamazaki of Little eArth Corporation Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script...

CVSS 2.6, AI score 6.1, EPSS 0.00274
Exploits: 1, References: 6

Tenable Nessus
added 2012/06/19 12:0 a.m., 30 views

RHEL 6 : python (RHSA-2012:0744)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0744 advisory. - python: potential XSS in SimpleHTTPServer's listdirectory CVE-2011-4940 - python: distutils creates /.pypirc insecurely CVE-2011-4944 -...

CVSS 5, AI score 7.2, EPSS 0.02773
Exploits: 7, References: 13

OpenVAS
added 2012/06/19 12:0 a.m., 41 views

RedHat Update for python RHSA-2012:0744-01

Check for the Version of python OpenVAS Vulnerability Test RedHat Update for python RHSA-2012:0744-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS 5, AI score 8.3, EPSS 0.02773
Exploits: 7, References: 2

Japan Vulnerability Notes
added 2012/06/19 12:0 a.m., 75 views

JVN#51176027: Python SimpleHTTPServer vulnerable to cross-site scripting

The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer. According to the developer, this issue exists only when using Internet Explorer 7. Solution Update the software Update to the latest version...

CVSS 2.6, AI score 6.1, EPSS 0.00274
Exploits: 1

Tenable Nessus
added 2012/06/19 12:0 a.m., 38 views

RHEL 5 : python (RHSA-2012:0745)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0745 advisory. - python: potential XSS in SimpleHTTPServer's listdirectory CVE-2011-4940 - python: distutils creates /.pypirc insecurely CVE-2011-4944 -...

CVSS 5, AI score 7.2, EPSS 0.01741
Exploits: 5, References: 11