Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-4940
HistoryJun 27, 2012 - 12:00 a.m.

CVE-2011-4940

2012-06-2700:00:00
ubuntu.com
ubuntu.com
23

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

74.3%

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer
in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2
does not place a charset parameter in the Content-Type HTTP header, which
makes it easier for remote attackers to conduct cross-site scripting (XSS)
attacks against Internet Explorer 7 via UTF-7 encoding.

Bugs

Notes

Author Note
tyhicks A duplicate CVE was incorrectly assigned as CVE-2012-2639
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchpython2.4< 2.4.5-1ubuntu4.4UNKNOWN
ubuntu8.04noarchpython2.5< 2.5.2-2ubuntu6.2UNKNOWN
ubuntu10.04noarchpython2.6< 2.6.5-1ubuntu6.1UNKNOWN
ubuntu11.04noarchpython2.6< 2.6.6-6ubuntu7.1UNKNOWN
ubuntu11.04noarchpython2.7< 2.7.1-5ubuntu2.2UNKNOWN

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

74.3%