CVE-2011-4940 in Pythoninfo

Zusammenfassung (Englisch)

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservieren

23.12.2011

Veröffentlichung

27.06.2012

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

Quellen

Interested in the pricing of exploits?

See the underground prices here!