Back to search
CVE-2011-4940
Published: Jun 27, 2012
Modified: Aug 7, 2024
PUBLISHED
Description
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-1592-1
vendor-advisory
x_refsource_UBUNTU
JVN#51176027
third-party-advisory
x_refsource_JVN
51040
third-party-advisory
x_refsource_SECUNIA
50858
third-party-advisory
x_refsource_SECUNIA
http://bugs.python.org/issue11442
x_refsource_CONFIRM
54083
vdb-entry
x_refsource_BID
USN-1596-1
vendor-advisory
x_refsource_UBUNTU
USN-1613-2
vendor-advisory
x_refsource_UBUNTU
JVNDB-2012-000063
third-party-advisory
x_refsource_JVNDB
https://bugzilla.redhat.com/show_bug.cgi?id=803500
x_refsource_CONFIRM
51024
third-party-advisory
x_refsource_SECUNIA
USN-1613-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now