CVE-2011-1015

medium

Description

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

References

http://bugs.python.org/issue2254

http://hg.python.org/cpython/rev/c6c4398293bd/

http://openwall.com/lists/oss-security/2011/02/23/27

http://openwall.com/lists/oss-security/2011/02/24/10

http://secunia.com/advisories/50858

http://secunia.com/advisories/51024

http://secunia.com/advisories/51040

http://securitytracker.com/id?1025489

http://svn.python.org/view?view=revision&revision=71303

http://www.mandriva.com/security/advisories?name=MDVSA-2011:096

http://www.securityfocus.com/bid/46541

http://www.ubuntu.com/usn/USN-1596-1

http://www.ubuntu.com/usn/USN-1613-1

http://www.ubuntu.com/usn/USN-1613-2

https://bugzilla.redhat.com/show_bug.cgi?id=680094

Details

Source: MITRE

Published: 2011-05-09

Updated: 2019-10-25

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89105 | VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check) | Nessus | Misc. | high |
| 71811 | GLSA-201401-04 : Python: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 68271 | Oracle Linux 5 : python (ELSA-2011-0492) | Nessus | Oracle Linux Local Security Checks | medium |
| 68270 | Oracle Linux 4 : python (ELSA-2011-0491) | Nessus | Oracle Linux Local Security Checks | medium |
| 64221 | SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310) | Nessus | SuSE Local Security Checks | medium |
| 64220 | SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310) | Nessus | SuSE Local Security Checks | medium |
| 62620 | Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2) | Nessus | Ubuntu Local Security Checks | medium |
| 62619 | Ubuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1) | Nessus | Ubuntu Local Security Checks | medium |
| 62436 | Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1) | Nessus | Ubuntu Local Security Checks | medium |
| 61046 | Scientific Linux Security Update : python on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 61033 | Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 58891 | SuSE 10 Security Update : Python (ZYPP Patch Number 8080) (BEAST) | Nessus | SuSE Local Security Checks | medium |
| 57749 | VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console | Nessus | VMware ESX Local Security Checks | high |
| 54611 | Mandriva Linux Security Advisory : python (MDVSA-2011:096) | Nessus | Mandriva Local Security Checks | medium |
| 54592 | RHEL 6 : python (RHSA-2011:0554) | Nessus | Red Hat Local Security Checks | medium |
| 53821 | RHEL 5 : python (RHSA-2011:0492) | Nessus | Red Hat Local Security Checks | medium |
| 53820 | RHEL 4 : python (RHSA-2011:0491) | Nessus | Red Hat Local Security Checks | medium |
| 53815 | CentOS 5 : python (CESA-2011:0492) | Nessus | CentOS Local Security Checks | medium |
| 53814 | CentOS 4 : python (CESA-2011:0491) | Nessus | CentOS Local Security Checks | medium |