CVE-2011-4940

low

Description

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

References

http://bugs.python.org/issue11442

http://jvn.jp/en/jp/JVN51176027/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063

http://secunia.com/advisories/50858

http://secunia.com/advisories/51024

http://secunia.com/advisories/51040

http://www.securityfocus.com/bid/54083

http://www.ubuntu.com/usn/USN-1592-1

http://www.ubuntu.com/usn/USN-1596-1

http://www.ubuntu.com/usn/USN-1613-1

http://www.ubuntu.com/usn/USN-1613-2

https://bugzilla.redhat.com/show_bug.cgi?id=803500

Details

Source: MITRE

Published: 2012-06-27

Updated: 2019-10-25

Type: CWE-79

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*

cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions up to 2.5.6 (inclusive)

Configuration 2

OR

cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*

cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89039 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check) | Nessus | Misc. | high |
| 69705 | Amazon Linux AMI : python26 (ALAS-2012-98) | Nessus | Amazon Linux Local Security Checks | medium |
| 68546 | Oracle Linux 5 : python (ELSA-2012-0745) | Nessus | Oracle Linux Local Security Checks | medium |
| 68545 | Oracle Linux 6 : python (ELSA-2012-0744) | Nessus | Oracle Linux Local Security Checks | medium |
| 62944 | VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console | Nessus | VMware ESX Local Security Checks | high |
| 62620 | Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2) | Nessus | Ubuntu Local Security Checks | medium |
| 62619 | Ubuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1) | Nessus | Ubuntu Local Security Checks | medium |
| 62436 | Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1) | Nessus | Ubuntu Local Security Checks | medium |
| 62410 | Ubuntu 11.04 / 11.10 : python2.7 vulnerabilities (USN-1592-1) | Nessus | Ubuntu Local Security Checks | medium |
| 61333 | Scientific Linux Security Update : python on SL6.x i386/x86_64 (20120618) | Nessus | Scientific Linux Local Security Checks | medium |
| 61332 | Scientific Linux Security Update : python on SL5.x i386/x86_64 (20120618) | Nessus | Scientific Linux Local Security Checks | medium |
| 59635 | Mandriva Linux Security Advisory : python (MDVSA-2012:096) | Nessus | Mandriva Local Security Checks | medium |
| 59570 | CentOS 6 : python (CESA-2012:0744) | Nessus | CentOS Local Security Checks | medium |
| 59564 | RHEL 5 : python (RHSA-2012:0745) | Nessus | Red Hat Local Security Checks | medium |
| 59563 | RHEL 6 : python (RHSA-2012:0744) | Nessus | Red Hat Local Security Checks | medium |
| 59560 | CentOS 5 : python (CESA-2012:0745) | Nessus | CentOS Local Security Checks | medium |