Your submission was sent successfully! Close

CVE-2011-4940

Published: 27 June 2012

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

Priority

Medium

Status

Package Release Status
python2.4
Launchpad, Ubuntu, Debian 		hardy
Released (2.4.5-1ubuntu4.4)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

python2.5
Launchpad, Ubuntu, Debian 		hardy
Released (2.5.2-2ubuntu6.2)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.5.6)
python2.6
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid
Released (2.6.5-1ubuntu6.1)
maverick Ignored
(reached end-of-life)
natty
Released (2.6.6-6ubuntu7.1)
oneiric Not vulnerable
(2.6.7-4ubuntu1)
precise Does not exist

upstream
Released (2.6.7-1)
python2.7
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Does not exist

maverick Ignored
(reached end-of-life)
natty
Released (2.7.1-5ubuntu2.2)
oneiric Not vulnerable
(2.7.2-5ubuntu1)
precise Not vulnerable
(2.7.2-13ubuntu5)
upstream
Released (2.7.2-8)

Notes

AuthorNote
tyhicks 
A duplicate CVE was incorrectly assigned as CVE-2012-2639

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading