Veracode Vulnerability Database
VERACODE:24489
Apr 10, 2020 - 12:55 a.m.

Denial Of Service (DoS)

2020-04-10 00:55:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
CVSS2: 6.4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

Python is vulnerable to denial of service (DoS). The Python urllib and urllib2 libraries did not differentiate between different target URLs when handling automatic redirects, so Python applications using these modules would follow any new URL that the modules understood, including the “file://” URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.
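A mitigation sketch for the redirect behaviour described above, as an added example that is not part of the Veracode entry or of Python's own fix: a Python 3 `urllib.request` redirect handler that refuses any redirect whose target scheme is not on an allowlist. The class and helper names, the `http`/`https` allowlist and the sample URLs are assumptions made for illustration.

```python
import urllib.error
import urllib.request
from email.message import Message
from urllib.parse import urljoin, urlsplit

# Assumed policy: a web fetch may only ever be redirected to another web URL.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})


class SchemeCheckedRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Refuse any redirect whose target scheme is not on the allowlist."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        scheme = urlsplit(newurl).scheme.lower()
        if scheme not in ALLOWED_REDIRECT_SCHEMES:
            # Fail closed: surface the refusal as an HTTP error to the caller.
            raise urllib.error.HTTPError(
                req.full_url, code,
                "redirect to disallowed scheme %r refused" % scheme,
                headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def redirect_allowed(origin, location, code=302):
    """Return True if a redirect from origin to location would be followed.

    Exercises the handler offline with a constructed Location header,
    resolving relative targets against the origin as urllib does.
    """
    handler = SchemeCheckedRedirectHandler()
    req = urllib.request.Request(origin)
    headers = Message()
    headers["Location"] = location
    newurl = urljoin(origin, location)
    try:
        new_req = handler.redirect_request(
            req, None, code, "Found", headers, newurl)
    except urllib.error.HTTPError:
        return False
    return new_req is not None


def build_safe_opener():
    """Opener whose redirect handling is limited to the allowlisted schemes."""
    return urllib.request.build_opener(SchemeCheckedRedirectHandler)
```

Calling `build_safe_opener().open(url)` in place of `urllib.request.urlopen(url)` applies the check to every redirect hop in the chain.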
