CVE-2011-4940

Published: 6/27/2012 Last updated: 8/7/2024 Reserved: 12/23/2011

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (7)

conf-python-2-7 conf-python-2-7-dev conf-python-3 conf-python-3-7 conf-python-3-dev py termbox

Products affected (1)

Product	Vendor	Version
n/a	n/a	n/a

References (24)

http://www.ubuntu.com/usn/USN-1592-1
http://jvn.jp/en/jp/JVN51176027/index.html
http://secunia.com/advisories/51040
http://secunia.com/advisories/50858
http://bugs.python.org/issue11442
http://www.securityfocus.com/bid/54083
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-2
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063
https://bugzilla.redhat.com/show_bug.cgi?id=803500
http://secunia.com/advisories/51024
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1592-1
http://jvn.jp/en/jp/JVN51176027/index.html
http://secunia.com/advisories/51040
http://secunia.com/advisories/50858
http://bugs.python.org/issue11442
http://www.securityfocus.com/bid/54083
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-2
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063
https://bugzilla.redhat.com/show_bug.cgi?id=803500
http://secunia.com/advisories/51024
http://www.ubuntu.com/usn/USN-1613-1