Vulnerability-Lookup

CVE-2011-1521 (GCVE-0-2011-1521)

Vulnerability from cvelistv5 – Published: 2011-05-24 23:00 – Updated: 2024-08-06 22:28

Summary

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://openwall.com/lists/oss-security/2011/09/15/5	mailing-listx_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://hg.python.org/cpython/rev/b2934d98dac1/	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-1592-1	vendor-advisoryx_refsource_UBUNTU
	http://hg.python.org/cpython/rev/96a6c128822b/	x_refsource_CONFIRM
	http://secunia.com/advisories/51040	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/50858	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	http://bugs.python.org/issue11662	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/03/24/5	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2011/03/28/2	mailing-listx_refsource_MLIST
	http://securitytracker.com/id?1025488	vdb-entryx_refsource_SECTRACK
	http://hg.python.org/cpython/file/96a6c128822b/Mi…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=690560	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=737366	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-1596-1	vendor-advisoryx_refsource_UBUNTU
	http://hg.python.org/cpython/file/b2934d98dac1/Mi…	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2011/09/11/1	mailing-listx_refsource_MLIST
	http://www.ubuntu.com/usn/USN-1613-2	vendor-advisoryx_refsource_UBUNTU
	http://support.apple.com/kb/HT5002	x_refsource_CONFIRM
	https://www.djangoproject.com/weblog/2011/sep/10/127/	x_refsource_CONFIRM
	http://secunia.com/advisories/51024	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-1613-1	vendor-advisoryx_refsource_UBUNTU
	http://openwall.com/lists/oss-security/2011/09/13/2	mailing-listx_refsource_MLIST
	https://www.djangoproject.com/weblog/2011/sep/09/	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/09/15/5"
          },
          {
            "name": "MDVSA-2011:096",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
          },
          {
            "name": "SUSE-SR:2011:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
          },
          {
            "name": "USN-1592-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1592-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://hg.python.org/cpython/rev/96a6c128822b/"
          },
          {
            "name": "51040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51040"
          },
          {
            "name": "50858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50858"
          },
          {
            "name": "APPLE-SA-2011-10-12-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.python.org/issue11662"
          },
          {
            "name": "[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/24/5"
          },
          {
            "name": "[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/03/28/2"
          },
          {
            "name": "1025488",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025488"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
          },
          {
            "name": "USN-1596-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1596-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
          },
          {
            "name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/09/11/1"
          },
          {
            "name": "USN-1613-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1613-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
          },
          {
            "name": "51024",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51024"
          },
          {
            "name": "USN-1613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1613-1"
          },
          {
            "name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/09/13/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.djangoproject.com/weblog/2011/sep/09/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-10T16:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/09/15/5"
        },
        {
          "name": "MDVSA-2011:096",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
        },
        {
          "name": "SUSE-SR:2011:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
        },
        {
          "name": "USN-1592-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1592-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://hg.python.org/cpython/rev/96a6c128822b/"
        },
        {
          "name": "51040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51040"
        },
        {
          "name": "50858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50858"
        },
        {
          "name": "APPLE-SA-2011-10-12-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.python.org/issue11662"
        },
        {
          "name": "[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/24/5"
        },
        {
          "name": "[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/03/28/2"
        },
        {
          "name": "1025488",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025488"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
        },
        {
          "name": "USN-1596-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1596-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
        },
        {
          "name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/09/11/1"
        },
        {
          "name": "USN-1613-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1613-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
        },
        {
          "name": "51024",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51024"
        },
        {
          "name": "USN-1613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1613-1"
        },
        {
          "name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/09/13/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.djangoproject.com/weblog/2011/sep/09/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1521",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/09/15/5"
            },
            {
              "name": "MDVSA-2011:096",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
            },
            {
              "name": "SUSE-SR:2011:009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "http://hg.python.org/cpython/rev/b2934d98dac1/",
              "refsource": "CONFIRM",
              "url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
            },
            {
              "name": "USN-1592-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1592-1"
            },
            {
              "name": "http://hg.python.org/cpython/rev/96a6c128822b/",
              "refsource": "CONFIRM",
              "url": "http://hg.python.org/cpython/rev/96a6c128822b/"
            },
            {
              "name": "51040",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51040"
            },
            {
              "name": "50858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50858"
            },
            {
              "name": "APPLE-SA-2011-10-12-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
            },
            {
              "name": "http://bugs.python.org/issue11662",
              "refsource": "CONFIRM",
              "url": "http://bugs.python.org/issue11662"
            },
            {
              "name": "[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/24/5"
            },
            {
              "name": "[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/03/28/2"
            },
            {
              "name": "1025488",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025488"
            },
            {
              "name": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS",
              "refsource": "CONFIRM",
              "url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=690560",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=737366",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
            },
            {
              "name": "USN-1596-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1596-1"
            },
            {
              "name": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS",
              "refsource": "CONFIRM",
              "url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
            },
            {
              "name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/09/11/1"
            },
            {
              "name": "USN-1613-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1613-2"
            },
            {
              "name": "http://support.apple.com/kb/HT5002",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5002"
            },
            {
              "name": "https://www.djangoproject.com/weblog/2011/sep/10/127/",
              "refsource": "CONFIRM",
              "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
            },
            {
              "name": "51024",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51024"
            },
            {
              "name": "USN-1613-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1613-1"
            },
            {
              "name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/09/13/2"
            },
            {
              "name": "https://www.djangoproject.com/weblog/2011/sep/09/",
              "refsource": "CONFIRM",
              "url": "https://www.djangoproject.com/weblog/2011/sep/09/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1521",
    "datePublished": "2011-05-24T23:00:00.000Z",
    "dateReserved": "2011-03-28T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:28:41.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-046

Vulnerability from certfr_avis - Published: 2012-02-01 - Updated: 2012-02-01

Un grand nombre de vulnérabilités, dont certaines permettent d'exécuter du code arbitraire à distance, sont présentes dans VMware ESX et VMware ESXi.

Description

Un grand nombre de vulnérabilités existe dans VMWare ESX et VMware ESXi dont certaines, particulièrement critiques, peuvent conduire à une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	ESXi	VMware ESXi 4.1 ;
	VMware	ESXi	VMware ESX 4.1.

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2012-0001 du 30 janvier 2012	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2012-0001 du 30 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESXi 4.1 ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.1.",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s existe dans VMWare ESX et VMware ESXi\ndont certaines, particuli\u00e8rement critiques, peuvent conduire \u00e0 une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1170"
    },
    {
      "name": "CVE-2010-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
    },
    {
      "name": "CVE-2010-2059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2059"
    },
    {
      "name": "CVE-2011-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2901"
    },
    {
      "name": "CVE-2011-2694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2694"
    },
    {
      "name": "CVE-2011-2213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2213"
    },
    {
      "name": "CVE-2010-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4649"
    },
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2011-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1494"
    },
    {
      "name": "CVE-2011-1044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1044"
    },
    {
      "name": "CVE-2011-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3378"
    },
    {
      "name": "CVE-2011-2022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2022"
    },
    {
      "name": "CVE-2011-1080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1080"
    },
    {
      "name": "CVE-2011-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1746"
    },
    {
      "name": "CVE-2011-0695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0695"
    },
    {
      "name": "CVE-2011-2522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2522"
    },
    {
      "name": "CVE-2011-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1745"
    },
    {
      "name": "CVE-2011-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1780"
    },
    {
      "name": "CVE-2011-1078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1078"
    },
    {
      "name": "CVE-2010-3493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3493"
    },
    {
      "name": "CVE-2011-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1776"
    },
    {
      "name": "CVE-2011-1171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1171"
    },
    {
      "name": "CVE-2011-1936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1936"
    },
    {
      "name": "CVE-2011-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1678"
    },
    {
      "name": "CVE-2011-1593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1593"
    },
    {
      "name": "CVE-2011-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1182"
    },
    {
      "name": "CVE-2011-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1093"
    },
    {
      "name": "CVE-2011-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2517"
    },
    {
      "name": "CVE-2011-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
    },
    {
      "name": "CVE-2011-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1763"
    },
    {
      "name": "CVE-2011-2192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2192"
    },
    {
      "name": "CVE-2011-0726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0726"
    },
    {
      "name": "CVE-2011-1015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1015"
    },
    {
      "name": "CVE-2011-2492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2492"
    },
    {
      "name": "CVE-2011-1079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1079"
    },
    {
      "name": "CVE-2011-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
    },
    {
      "name": "CVE-2011-2482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2482"
    },
    {
      "name": "CVE-2011-1573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1573"
    },
    {
      "name": "CVE-2011-1166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1166"
    },
    {
      "name": "CVE-2011-2689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2689"
    },
    {
      "name": "CVE-2010-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0787"
    },
    {
      "name": "CVE-2011-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1172"
    },
    {
      "name": "CVE-2011-1163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1163"
    },
    {
      "name": "CVE-2010-2089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
    },
    {
      "name": "CVE-2010-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0547"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    },
    {
      "name": "CVE-2011-1577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1577"
    },
    {
      "name": "CVE-2011-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2519"
    },
    {
      "name": "CVE-2011-1495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1495"
    },
    {
      "name": "CVE-2011-0711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0711"
    },
    {
      "name": "CVE-2011-2491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2491"
    },
    {
      "name": "CVE-2011-1576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1576"
    },
    {
      "name": "CVE-2011-2495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2495"
    }
  ],
  "initial_release_date": "2012-02-01T00:00:00",
  "last_revision_date": "2012-02-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier    2012 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0001.html"
    }
  ],
  "reference": "CERTA-2012-AVI-046",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Un grand nombre de vuln\u00e9rabilit\u00e9s, dont certaines permettent d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance, sont pr\u00e9sentes dans VMware ESX et VMware\nESXi.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans VMware ESX et ESXi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0001 du 30 janvier 2012",
      "url": null
    }
  ]
}

CERTA-2011-AVI-564

Vulnerability from certfr_avis - Published: 2011-10-13 - Updated: 2011-10-13

Plusieurs vulnérabilités présentes dans Mac OS X ont été corrigées.

Description

De multiples vulnérabilités découvertes dans Mac OS X permettent à une personne malveillante d'exécuter du code arbitraire à distance avec potentiellement des privilèges élevés, de provoquer un déni de service, de contourner la politique de sécurité du système, de porter atteinte à la confidentialité et à l'intégrité des données ou encore de réaliser une injection de code indirecte.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X v10.6.8 ;
Apple	N/A	Mac OS X Lion Server v10.7 et v10.7.1 ;
Apple	N/A	Mac OS X Server v10.7 et v10.7.1.
Apple	N/A	Mac OS X Server v10.6.8 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5002 du 12 octobre 2011	None	vendor-advisory
Référence CVE CVE-2010-3436 :	-	other
Référence CVE CVE-2011-0708 :	-	other
Référence CVE CVE-2011-1467 :	-	other
Référence CVE CVE-2011-1910 :	-	other
Référence CVE CVE-2011-3217 :	-	other
Référence CVE CVE-2011-1153 :	-	other
Référence CVE CVE-2011-3220 :	-	other
Référence CVE CVE-2010-3614 :	-	other
Référence CVE CVE-2011-0420 :	-	other
Référence CVE CVE-2011-0411 :	-	other
Référence CVE CVE-2011-0224 :	-	other
Référence CVE CVE-2010-3613 :	-	other
Référence CVE CVE-2011-3225 :	-	other
Référence CVE CVE-2011-0249 :	-	other
Référence CVE CVE-2011-3227 :	-	other
Référence CVE CVE-2011-1521 :	-	other
Référence CVE CVE-2011-0185 :	-	other
Référence CVE CVE-2011-0252 :	-	other
Référence CVE CVE-2011-0226 :	-	other
Référence CVE CVE-2010-4645 :	-	other
Référence CVE CVE-2011-3213 :	-	other
Référence CVE CVE-2011-3221 :	-	other
Référence CVE CVE-2011-1471 :	-	other
Référence CVE CVE-2011-3435 :	-	other
Référence CVE CVE-2011-3218 :	-	other
Référence CVE CVE-2011-0013 :	-	other
Référence CVE CVE-2010-1634 :	-	other
Référence CVE CVE-2011-0250 :	-	other
Référence CVE CVE-2011-3224 :	-	other
Référence CVE CVE-2011-0259 :	-	other
Référence CVE CVE-2011-2690 :	-	other
Référence CVE CVE-2011-3226 :	-	other
Référence CVE CVE-2011-3216 :	-	other
Référence CVE CVE-2011-3212 :	-	other
Référence CVE CVE-2010-2089 :	-	other
Référence CVE CVE-2010-3718 :	-	other
Référence CVE CVE-2011-0260 :	-	other
Référence CVE CVE-2011-3214 :	-	other
Référence CVE CVE-2010-1157 :	-	other
Référence CVE CVE-2011-0707 :	-	other
Référence CVE CVE-2011-3223 :	-	other
Référence CVE CVE-2011-3246 :	-	other
Référence CVE CVE-2010-2227 :	-	other
Référence CVE CVE-2010-4172 :	-	other
Référence CVE CVE-2011-3436 :	-	other
Référence CVE CVE-2011-2691 :	-	other
Référence CVE CVE-2011-3437 :	-	other
Référence CVE CVE-2009-4022 :	-	other
Référence CVE CVE-2011-0187 :	-	other
Référence CVE CVE-2011-3192 :	-	other
Référence CVE CVE-2011-1755 :	-	other
Référence CVE CVE-2010-0097 :	-	other
Référence CVE CVE-2011-0419 :	-	other
Référence CVE CVE-2011-1466 :	-	other
Référence CVE CVE-2011-0421 :	-	other
Référence CVE CVE-2011-0251 :	-	other
Référence CVE CVE-2011-3219 :	-	other
Référence CVE CVE-2011-0229 :	-	other
Référence CVE CVE-2011-3222 :	-	other
Référence CVE CVE-2011-0534 :	-	other
Référence CVE CVE-2011-3228 :	-	other
Référence CVE CVE-2011-3215 :	-	other
Référence CVE CVE-2011-1092 :	-	other
Référence CVE CVE-2011-0230 :	-	other
Référence CVE CVE-2011-1470 :	-	other
Référence CVE CVE-2011-0231 :	-	other
Référence CVE CVE-2011-2692 :	-	other
Référence CVE CVE-2011-1468 :	-	other
Référence CVE CVE-2011-2464 :	-	other
Référence CVE CVE-2011-1469 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X v10.6.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Lion Server v10.7 et v10.7.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server v10.7 et v10.7.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server v10.6.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Mac OS X permettent \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance avec\npotentiellement des privil\u00e8ges \u00e9lev\u00e9s, de provoquer un d\u00e9ni de service,\nde contourner la politique de s\u00e9curit\u00e9 du syst\u00e8me, de porter atteinte \u00e0\nla confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es ou encore de r\u00e9aliser\nune injection de code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3216"
    },
    {
      "name": "CVE-2011-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3436"
    },
    {
      "name": "CVE-2010-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1634"
    },
    {
      "name": "CVE-2011-3214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3214"
    },
    {
      "name": "CVE-2011-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
    },
    {
      "name": "CVE-2011-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
    },
    {
      "name": "CVE-2011-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3228"
    },
    {
      "name": "CVE-2011-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
    },
    {
      "name": "CVE-2011-0259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0259"
    },
    {
      "name": "CVE-2011-3221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3221"
    },
    {
      "name": "CVE-2010-4172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4172"
    },
    {
      "name": "CVE-2011-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3217"
    },
    {
      "name": "CVE-2011-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3219"
    },
    {
      "name": "CVE-2011-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0534"
    },
    {
      "name": "CVE-2011-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0230"
    },
    {
      "name": "CVE-2011-0229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0229"
    },
    {
      "name": "CVE-2011-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1471"
    },
    {
      "name": "CVE-2011-3222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3222"
    },
    {
      "name": "CVE-2011-1466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1466"
    },
    {
      "name": "CVE-2011-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0226"
    },
    {
      "name": "CVE-2011-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0013"
    },
    {
      "name": "CVE-2011-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0231"
    },
    {
      "name": "CVE-2011-3213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3213"
    },
    {
      "name": "CVE-2009-4022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2011-3218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3218"
    },
    {
      "name": "CVE-2011-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2692"
    },
    {
      "name": "CVE-2010-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
    },
    {
      "name": "CVE-2011-0249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0249"
    },
    {
      "name": "CVE-2011-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3212"
    },
    {
      "name": "CVE-2011-0250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0250"
    },
    {
      "name": "CVE-2011-1092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1092"
    },
    {
      "name": "CVE-2011-3227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3227"
    },
    {
      "name": "CVE-2011-1469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1469"
    },
    {
      "name": "CVE-2010-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
    },
    {
      "name": "CVE-2011-1910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1910"
    },
    {
      "name": "CVE-2011-3220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3220"
    },
    {
      "name": "CVE-2011-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
    },
    {
      "name": "CVE-2010-3614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3614"
    },
    {
      "name": "CVE-2011-3224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3224"
    },
    {
      "name": "CVE-2011-3226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3226"
    },
    {
      "name": "CVE-2011-0260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0260"
    },
    {
      "name": "CVE-2011-2690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2690"
    },
    {
      "name": "CVE-2011-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3215"
    },
    {
      "name": "CVE-2010-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3613"
    },
    {
      "name": "CVE-2011-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1521"
    },
    {
      "name": "CVE-2011-1467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1467"
    },
    {
      "name": "CVE-2011-1755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1755"
    },
    {
      "name": "CVE-2011-3246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3246"
    },
    {
      "name": "CVE-2011-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3435"
    },
    {
      "name": "CVE-2011-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2691"
    },
    {
      "name": "CVE-2011-3437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3437"
    },
    {
      "name": "CVE-2011-0251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0251"
    },
    {
      "name": "CVE-2011-1470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1470"
    },
    {
      "name": "CVE-2011-3225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3225"
    },
    {
      "name": "CVE-2011-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
    },
    {
      "name": "CVE-2010-3718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3718"
    },
    {
      "name": "CVE-2011-2464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2464"
    },
    {
      "name": "CVE-2010-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
    },
    {
      "name": "CVE-2010-0097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0097"
    },
    {
      "name": "CVE-2011-0707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0707"
    },
    {
      "name": "CVE-2011-0252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0252"
    },
    {
      "name": "CVE-2011-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0224"
    },
    {
      "name": "CVE-2010-2089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2089"
    },
    {
      "name": "CVE-2011-0420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0420"
    },
    {
      "name": "CVE-2010-1157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
    },
    {
      "name": "CVE-2011-0419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
    },
    {
      "name": "CVE-2011-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1468"
    },
    {
      "name": "CVE-2011-3223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3223"
    },
    {
      "name": "CVE-2011-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0185"
    }
  ],
  "initial_release_date": "2011-10-13T00:00:00",
  "last_revision_date": "2011-10-13T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-3436 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3436"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0708 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0708"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1467 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1467"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1910 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1910"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3217 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3217"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1153 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1153"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3220 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3220"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-3614 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3614"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0420 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0420"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0411 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0411"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0224 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0224"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-3613 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3613"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3225 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3225"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0249 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0249"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3227 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3227"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1521 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1521"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0185 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0185"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0252 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0252"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0226 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0226"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-4645 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4645"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3213 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3213"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3221 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3221"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1471 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1471"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3435 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3435"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3218 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3218"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0013 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0013"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-1634 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1634"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0250 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0250"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3224 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3224"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0259 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0259"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-2690 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2690"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3226 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3226"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3216 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3216"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3212 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3212"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-2089 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2089"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-3718 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-3718"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0260 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0260"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3214 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3214"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-1157 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-1157"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0707 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0707"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3223 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3223"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3246 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3246"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-2227 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-2227"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-4172 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-4172"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3436 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3436"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-2691 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2691"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3437 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3437"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-4022 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2009-4022"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0187 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0187"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3192 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3192"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1755 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1755"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2010-0097 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2010-0097"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0419 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0419"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1466 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1466"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0421 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0421"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0251 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0251"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3219 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3219"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0229 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0229"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3222 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3222"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0534 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0534"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3228 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3228"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-3215 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-3215"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1092 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1092"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0230 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0230"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1470 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1470"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-0231 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-0231"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-2692 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2692"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1468 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1468"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-2464 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-2464"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2011-1469 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename-cgi?name=CVE-2011-1469"
    }
  ],
  "reference": "CERTA-2011-AVI-564",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Mac OS X ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5002 du 12 octobre 2011",
      "url": "http://docs.info.apple.com/article.html?artnum=HT5002"
    }
  ]
}

GHSA-CQ22-FW8F-MVCW

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2025-04-11 03:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-1521"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-05-24T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.",
  "id": "GHSA-cq22-fw8f-mvcw",
  "modified": "2025-04-11T03:47:15Z",
  "published": "2022-05-13T01:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1521"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
    },
    {
      "type": "WEB",
      "url": "https://www.djangoproject.com/weblog/2011/sep/09"
    },
    {
      "type": "WEB",
      "url": "https://www.djangoproject.com/weblog/2011/sep/10/127"
    },
    {
      "type": "WEB",
      "url": "http://bugs.python.org/issue11662"
    },
    {
      "type": "WEB",
      "url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
    },
    {
      "type": "WEB",
      "url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
    },
    {
      "type": "WEB",
      "url": "http://hg.python.org/cpython/rev/96a6c128822b"
    },
    {
      "type": "WEB",
      "url": "http://hg.python.org/cpython/rev/b2934d98dac1"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/24/5"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/03/28/2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/09/11/1"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/09/13/2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2011/09/15/5"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50858"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51024"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51040"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1025488"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5002"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1592-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1596-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1613-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1613-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-1521

Vulnerability from fkie_nvd - Published: 2011-05-24 23:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugs.python.org/issue11662	Patch
cve@mitre.org	http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS
cve@mitre.org	http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS
cve@mitre.org	http://hg.python.org/cpython/rev/96a6c128822b/	Patch
cve@mitre.org	http://hg.python.org/cpython/rev/b2934d98dac1/	Patch
cve@mitre.org	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/24/5
cve@mitre.org	http://openwall.com/lists/oss-security/2011/03/28/2
cve@mitre.org	http://openwall.com/lists/oss-security/2011/09/11/1
cve@mitre.org	http://openwall.com/lists/oss-security/2011/09/13/2
cve@mitre.org	http://openwall.com/lists/oss-security/2011/09/15/5
cve@mitre.org	http://secunia.com/advisories/50858
cve@mitre.org	http://secunia.com/advisories/51024
cve@mitre.org	http://secunia.com/advisories/51040
cve@mitre.org	http://securitytracker.com/id?1025488
cve@mitre.org	http://support.apple.com/kb/HT5002
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2011:096
cve@mitre.org	http://www.ubuntu.com/usn/USN-1592-1
cve@mitre.org	http://www.ubuntu.com/usn/USN-1596-1
cve@mitre.org	http://www.ubuntu.com/usn/USN-1613-1
cve@mitre.org	http://www.ubuntu.com/usn/USN-1613-2
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=690560	Patch
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=737366
cve@mitre.org	https://www.djangoproject.com/weblog/2011/sep/09/
cve@mitre.org	https://www.djangoproject.com/weblog/2011/sep/10/127/
af854a3a-2127-422b-91ae-364da2661108	http://bugs.python.org/issue11662	Patch
af854a3a-2127-422b-91ae-364da2661108	http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS
af854a3a-2127-422b-91ae-364da2661108	http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS
af854a3a-2127-422b-91ae-364da2661108	http://hg.python.org/cpython/rev/96a6c128822b/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://hg.python.org/cpython/rev/b2934d98dac1/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/24/5
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/03/28/2
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/09/11/1
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/09/13/2
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2011/09/15/5
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50858
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51024
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51040
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025488
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5002
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:096
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1592-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1596-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1613-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1613-2
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=690560	Patch
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=737366
af854a3a-2127-422b-91ae-364da2661108	https://www.djangoproject.com/weblog/2011/sep/09/
af854a3a-2127-422b-91ae-364da2661108	https://www.djangoproject.com/weblog/2011/sep/10/127/

Impacted products

Vendor	Product	Version
python	python	2.0
python	python	2.0.1
python	python	2.1
python	python	2.1.1
python	python	2.1.2
python	python	2.1.3
python	python	2.2
python	python	2.2.1
python	python	2.2.2
python	python	2.2.3
python	python	2.3.1
python	python	2.3.2
python	python	2.3.3
python	python	2.3.4
python	python	2.3.5
python	python	2.3.7
python	python	2.4.1
python	python	2.4.2
python	python	2.4.3
python	python	2.4.4
python	python	2.4.6
python	python	2.5.1
python	python	2.5.2
python	python	2.5.3
python	python	2.5.4
python	python	2.6.1
python	python	2.6.4
python	python	2.6.5
python	python	2.6.6
python	python	2.6.7
python	python	2.7.1
python	python	3.0
python	python	3.0.1
python	python	3.1
python	python	3.1.1
python	python	3.1.2
python	python	3.1.3
python	python	3.2
python	python	3.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD5A27DB-0113-4DE3-9CA0-0792CC7795AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB6ED07-C176-496D-B9CA-F24933D71999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3870A704-5D26-4999-9C49-19AE9E88AAE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A223BB3-DD5A-48C9-9C82-5D1C4F122828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14973EE-5A2E-4935-8D29-594761502D72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E502388-0A87-4503-8EC9-8A43E8BF43E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E9C3C11-0D4F-44AB-BCA0-4963F1BF67DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3CD168A-2180-44C8-8784-3B32589904BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB30EAAD-5CF0-41DD-909B-C6AD94D88ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "569FAD3A-17DF-424A-AF93-B0720D48D6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BD8ED56-5568-4461-B94A-0B5C1EF8C01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "396FFF60-8F61-43E5-BF0C-A0C319714247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "75872F94-A537-4E57-8325-3426DB5D6C75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A038A64-E659-47BB-B2C6-8FD151684CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82F7C03-C9D3-4B83-AF74-30981EC25431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "02839080-EFB1-4F63-9D4E-45E26D82ECF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C353D0-C579-4C0B-AD7D-9E56353F2BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB87E45-DBC2-4D0F-B4E9-38585D2F92A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "976E5CD0-3A1E-43E6-9C34-B8F1EE1AB863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "179EDC23-2328-4BB6-98D5-7C1A975A0C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B6E723-EC9D-44EF-9DB8-8A229E0ABBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D3CD4F-0C58-46F4-939D-FDF19BC98729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D13FC75-3979-40A8-A1FE-EF86EB15C8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78AE8C3C-53A1-408A-BA23-1EBA1E6A0E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA59C66F-E469-42C1-9745-330E35AE5A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "244740D0-CACA-4607-964C-F0F46153653D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E852D2C6-D744-4311-97B3-CAEF073D6585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "845FBD14-4175-49F1-B762-4F550CEF5B0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E7646B-BC7C-4ED6-925B-268291F31610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD6B328-E333-48C3-B2CC-41EC95321B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE2063E-5B74-4731-885F-80D2D7B15604",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0C702F-59E0-40AB-BA95-8F0803AB0550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3190C547-7230-476C-A43F-641FE7B891EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74AC7EE5-F01D-4F28-80D1-4076B7B24BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B547525-E0DB-4D64-8ED1-AF3F1B6FF65F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19064C18-1CD7-4F10-8065-4B900BB31F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1997CB6-FD72-4B13-915A-7500AA06F4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87845E79-F4A3-4390-9ACF-A14E86BCDB10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "E2C8F3C4-91AB-4AE3-A2FB-A093F97742FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs."
    },
    {
      "lang": "es",
      "value": "Los m\u00f3dulos urllib y urllib2 en Python v2.x anteriores a v2.7.2 y v3.x anteriores a v3.2.1 procesan los encabezados de ubicaci\u00f3n que especificar la redirecci\u00f3n del fichero: URLs, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener informaci\u00f3n sensible o provocar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de una URL manipulada, como lo demuestra lso ficheros URLs: //etc/passwd y //dev/zero."
    }
  ],
  "id": "CVE-2011-1521",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-24T23:55:02.840",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.python.org/issue11662"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://hg.python.org/cpython/rev/96a6c128822b/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2011/03/24/5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2011/03/28/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2011/09/11/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2011/09/13/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2011/09/15/5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/50858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/51024"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/51040"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1025488"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT5002"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1592-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1596-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1613-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1613-2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.djangoproject.com/weblog/2011/sep/09/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.python.org/issue11662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://hg.python.org/cpython/rev/96a6c128822b/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/03/24/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/03/28/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/09/11/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/09/13/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/09/15/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1592-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1596-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1613-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1613-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.djangoproject.com/weblog/2011/sep/09/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2011-1521

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-1521

Aliases

CVE-2011-1521

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-1521",
    "description": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.",
    "id": "GSD-2011-1521",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-1521.html",
      "https://access.redhat.com/errata/RHSA-2011:0554",
      "https://access.redhat.com/errata/RHSA-2011:0492",
      "https://access.redhat.com/errata/RHSA-2011:0491",
      "https://linux.oracle.com/cve/CVE-2011-1521.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-1521"
      ],
      "details": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.",
      "id": "GSD-2011-1521",
      "modified": "2023-12-13T01:19:08.497325Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-1521",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/09/15/5"
          },
          {
            "name": "MDVSA-2011:096",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
          },
          {
            "name": "SUSE-SR:2011:009",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "name": "http://hg.python.org/cpython/rev/b2934d98dac1/",
            "refsource": "CONFIRM",
            "url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
          },
          {
            "name": "USN-1592-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1592-1"
          },
          {
            "name": "http://hg.python.org/cpython/rev/96a6c128822b/",
            "refsource": "CONFIRM",
            "url": "http://hg.python.org/cpython/rev/96a6c128822b/"
          },
          {
            "name": "51040",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/51040"
          },
          {
            "name": "50858",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/50858"
          },
          {
            "name": "APPLE-SA-2011-10-12-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
          },
          {
            "name": "http://bugs.python.org/issue11662",
            "refsource": "CONFIRM",
            "url": "http://bugs.python.org/issue11662"
          },
          {
            "name": "[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/24/5"
          },
          {
            "name": "[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/03/28/2"
          },
          {
            "name": "1025488",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1025488"
          },
          {
            "name": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS",
            "refsource": "CONFIRM",
            "url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=690560",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=737366",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
          },
          {
            "name": "USN-1596-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1596-1"
          },
          {
            "name": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS",
            "refsource": "CONFIRM",
            "url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
          },
          {
            "name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/09/11/1"
          },
          {
            "name": "USN-1613-2",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1613-2"
          },
          {
            "name": "http://support.apple.com/kb/HT5002",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5002"
          },
          {
            "name": "https://www.djangoproject.com/weblog/2011/sep/10/127/",
            "refsource": "CONFIRM",
            "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
          },
          {
            "name": "51024",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/51024"
          },
          {
            "name": "USN-1613-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-1613-1"
          },
          {
            "name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2011/09/13/2"
          },
          {
            "name": "https://www.djangoproject.com/weblog/2011/sep/09/",
            "refsource": "CONFIRM",
            "url": "https://www.djangoproject.com/weblog/2011/sep/09/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1521"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS"
            },
            {
              "name": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS"
            },
            {
              "name": "1025488",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1025488"
            },
            {
              "name": "[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2011/03/28/2"
            },
            {
              "name": "http://hg.python.org/cpython/rev/96a6c128822b/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://hg.python.org/cpython/rev/96a6c128822b/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=690560",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690560"
            },
            {
              "name": "http://bugs.python.org/issue11662",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://bugs.python.org/issue11662"
            },
            {
              "name": "http://hg.python.org/cpython/rev/b2934d98dac1/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://hg.python.org/cpython/rev/b2934d98dac1/"
            },
            {
              "name": "[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2011/03/24/5"
            },
            {
              "name": "MDVSA-2011:096",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:096"
            },
            {
              "name": "http://support.apple.com/kb/HT5002",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT5002"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=737366",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"
            },
            {
              "name": "https://www.djangoproject.com/weblog/2011/sep/10/127/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"
            },
            {
              "name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2011/09/13/2"
            },
            {
              "name": "https://www.djangoproject.com/weblog/2011/sep/09/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.djangoproject.com/weblog/2011/sep/09/"
            },
            {
              "name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2011/09/11/1"
            },
            {
              "name": "APPLE-SA-2011-10-12-3",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
            },
            {
              "name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://openwall.com/lists/oss-security/2011/09/15/5"
            },
            {
              "name": "USN-1596-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1596-1"
            },
            {
              "name": "USN-1613-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1613-2"
            },
            {
              "name": "USN-1592-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1592-1"
            },
            {
              "name": "USN-1613-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1613-1"
            },
            {
              "name": "51040",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/51040"
            },
            {
              "name": "50858",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/50858"
            },
            {
              "name": "51024",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/51024"
            },
            {
              "name": "SUSE-SR:2011:009",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-10-25T11:53Z",
      "publishedDate": "2011-05-24T23:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-1521 (GCVE-0-2011-1521)

CERTA-2012-AVI-046

Description

Solution

CERTA-2011-AVI-564

Description

Solution

GHSA-CQ22-FW8F-MVCW

FKIE_CVE-2011-1521

GSD-2011-1521

Tags

Sightings

Nomenclature