logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2011-1521

Description

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. #### Bugs * <http://bugs.python.org/issue11662> * <https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/909556> #### Notes Author| Note ---|--- [jdstrand](<https://launchpad.net/~jdstrand>) | also needs a testcase fix


Affected Package


OS OS Version Package Name Package Version
ubuntu 08.04 python2.4 2.4.5-1ubuntu4.4
ubuntu upstream python2.4 any
ubuntu 08.04 python2.5 2.5.2-2ubuntu6.2
ubuntu upstream python2.5 any
ubuntu 10.04 python2.6 2.6.5-1ubuntu6.1
ubuntu 11.04 python2.6 2.6.6-6ubuntu7.1
ubuntu upstream python2.6 2.6.7
ubuntu 11.04 python2.7 2.7.1-5ubuntu2.2
ubuntu upstream python2.7 2.7.2
ubuntu 10.04 python3.1 3.1.2-0ubuntu3.1
ubuntu 10.10 python3.1 3.1.2+20100915-0ubuntu4.1
ubuntu 11.04 python3.1 3.1.3-1ubuntu1.1
ubuntu upstream python3.1 3.1.4 rc1
ubuntu 11.04 python3.2 3.2-1ubuntu1.1
ubuntu upstream python3.2 3.2.1

Related