Your submission was sent successfully! Close

CVE-2011-4940

Published: 27 June 2012

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

Priority

Medium

Status

Package Release Status
python2.4
Launchpad, Ubuntu, Debian
hardy
Released (2.4.5-1ubuntu4.4)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

python2.5
Launchpad, Ubuntu, Debian
hardy
Released (2.5.2-2ubuntu6.2)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream
Released (2.5.6)
python2.6
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (2.6.5-1ubuntu6.1)
maverick Ignored
(reached end-of-life)
natty
Released (2.6.6-6ubuntu7.1)
oneiric Not vulnerable
(2.6.7-4ubuntu1)
precise Does not exist

upstream
Released (2.6.7-1)
python2.7
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Ignored
(reached end-of-life)
natty
Released (2.7.1-5ubuntu2.2)
oneiric Not vulnerable
(2.7.2-5ubuntu1)
precise Not vulnerable
(2.7.2-13ubuntu5)
upstream
Released (2.7.2-8)