Detections
Analytics

MiracleLinux 3 : python-2.4.3-46.2.0.1.AXS3 (AXSA:2012-569:02)

medium Nessus Plugin ID 284388

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-569:02 advisory.

 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).
 Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM.
 Note that documentation for Python is provided in the python-docs package.
 Security issues fixed with this release:
 CVE-2011-4940 The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
 CVE-2011-4944 CVE-2012-1150 No description available at the time of writing, please use the CVE links below.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/3084

Plugin Details

Severity: Medium

ID: 284388

File Name: miracle_linux_AXSA-2012-569.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2011-4940

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:python-libs, p-cpe:/a:miracle:linux:python-tools, p-cpe:/a:miracle:linux:tkinter, p-cpe:/a:miracle:linux:python, p-cpe:/a:miracle:linux:python-devel, cpe:/o:miracle:linux:3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/24/2012

Vulnerability Publication Date: 12/28/2011

Reference Information

CVE: CVE-2011-4940, CVE-2011-4944, CVE-2012-1150