QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1521

Published: May 24, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_MANDRIVA

SUSE-SR:2011:009

vendor-advisory

x_refsource_SUSE

http://hg.python.org/cpython/rev/b2934d98dac1/

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

http://hg.python.org/cpython/rev/96a6c128822b/

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2011-10-12-3

vendor-advisory

x_refsource_APPLE

http://bugs.python.org/issue11662

x_refsource_CONFIRM

[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes

mailing-list

x_refsource_MLIST

[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=690560

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=737366

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS

x_refsource_CONFIRM

[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

http://support.apple.com/kb/HT5002

x_refsource_CONFIRM

https://www.djangoproject.com/weblog/2011/sep/10/127/

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws

mailing-list

x_refsource_MLIST

https://www.djangoproject.com/weblog/2011/sep/09/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.