CVE-2011-1015

Published: May 9, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://svn.python.org/view?view=revision&revision=71303

x_refsource_CONFIRM

MDVSA-2011:096

vendor-advisory

x_refsource_MANDRIVA

https://bugzilla.redhat.com/show_bug.cgi?id=680094

x_refsource_CONFIRM

http://bugs.python.org/issue2254

x_refsource_CONFIRM

[oss-security] 20110224 Re: CVE request: Information disclosure in CGIHTTPServer from Python

mailing-list

x_refsource_MLIST

51040

third-party-advisory

x_refsource_SECUNIA

50858

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20110223 CVE request: Information disclosure in CGIHTTPServer from Python

mailing-list

x_refsource_MLIST

1025489

vdb-entry

x_refsource_SECTRACK

USN-1596-1

vendor-advisory

x_refsource_UBUNTU

http://hg.python.org/cpython/rev/c6c4398293bd/

x_refsource_CONFIRM

USN-1613-2

vendor-advisory

x_refsource_UBUNTU

51024

third-party-advisory

x_refsource_SECUNIA

USN-1613-1

vendor-advisory

x_refsource_UBUNTU

46541

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-1015

Description

Affected Products

References