CVE-2011-4940 in Pythoninfo

Zusammenfassung (Englisch)

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservieren

23.12.2011

Veröffentlichung

27.06.2012

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
5572	Python SimpleHTTPServer SimpleHTTPServer.py list_directory Cross Site Scripting	79	Nicht definiert	Offizieller Fix	CVE-2011-4940

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Interested in the pricing of exploits?

See the underground prices here!