CVE-2011-1015

Published: 09 May 2011

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

Priority

Low

Status

Package Release Status
python2.4
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-0492.html
python2.5
Launchpad, Ubuntu, Debian
Upstream Needs triage

python2.6
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-0554.html
Other: http://hg.python.org/cpython/rev/c6c4398293bd/
python2.7
Launchpad, Ubuntu, Debian
Upstream
Released (2.7-1)