CVE-2011-1015

Published: 09 May 2011

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

Priority

Status

Package	Release	Status
python2.4 Launchpad, Ubuntu, Debian	Upstream	Needs triage






	Patches: Vendor: https://rhn.redhat.com/errata/RHSA-2011-0492.html
python2.5 Launchpad, Ubuntu, Debian	Upstream	Needs triage






python2.6 Launchpad, Ubuntu, Debian	Upstream	Needs triage






	Patches: Vendor: https://rhn.redhat.com/errata/RHSA-2011-0554.html Other: http://hg.python.org/cpython/rev/c6c4398293bd/
python2.7 Launchpad, Ubuntu, Debian	Upstream	Released (2.7-1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015
https://ubuntu.com/security/notices/USN-1596-1
https://ubuntu.com/security/notices/USN-1613-1
https://ubuntu.com/security/notices/USN-1613-2
NVD
Launchpad
Debian

Bugs

http://bugs.python.org/issue2254

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›