Vulnerability-Lookup

CVE-2011-4940 (GCVE-0-2011-4940)

Vulnerability from cvelistv5 – Published: 2012-06-27 10:00 – Updated: 2024-08-07 00:23

Summary

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

FKIE_CVE-2011-4940

Vulnerability from fkie_nvd - Published: 2012-06-27 10:18 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	secalert@redhat.com	http://bugs.python.org/issue11442
	secalert@redhat.com	http://jvn.jp/en/jp/JVN51176027/index.html
	secalert@redhat.com	http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063
	secalert@redhat.com	http://secunia.com/advisories/50858
	secalert@redhat.com	http://secunia.com/advisories/51024
	secalert@redhat.com	http://secunia.com/advisories/51040
	secalert@redhat.com	http://www.securityfocus.com/bid/54083
	secalert@redhat.com	http://www.ubuntu.com/usn/USN-1592-1
	secalert@redhat.com	http://www.ubuntu.com/usn/USN-1596-1
	secalert@redhat.com	http://www.ubuntu.com/usn/USN-1613-1
	secalert@redhat.com	http://www.ubuntu.com/usn/USN-1613-2
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=803500
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.python.org/issue11442
	af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN51176027/index.html
	af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50858
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51024
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/51040
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/54083
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1592-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1596-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1613-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1613-2
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=803500

Impacted products

Vendor	Product	Version
python	python	*
python	python	0.9.0
python	python	0.9.1
python	python	1.2
python	python	1.3
python	python	1.5.2
python	python	1.6
python	python	1.6.1
python	python	2.0.1
python	python	2.1.1
python	python	2.1.2
python	python	2.1.3
python	python	2.2.1
python	python	2.2.2
python	python	2.2.3
python	python	2.3.1
python	python	2.3.2
python	python	2.3.3
python	python	2.3.4
python	python	2.3.5
python	python	2.3.7
python	python	2.4.1
python	python	2.4.2
python	python	2.4.3
python	python	2.4.4
python	python	2.4.6
python	python	2.5.1
python	python	2.5.2
python	python	2.5.3
python	python	2.5.4
python	python	2.6.1
python	python	2.6.2
python	python	2.6.3
python	python	2.6.4
python	python	2.6.5
python	python	2.6.6
python	python	2.7.1
python	python	2.7.1
python	python	2.7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "696C2497-C870-4AF2-B9A1-5994E5F40F99",
              "versionEndIncluding": "2.5.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC4F49A3-B5D0-447C-859E-C415280040C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65A3088-D28E-4781-8374-FC7B9A97CAFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39902E97-2937-48F5-8FDE-5C8F030FA8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27E9A887-ACB1-4602-8E5D-D82361E93E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0DB6484-06C5-4E74-B0FA-198523C60C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CA90DC8-6C72-4925-99B9-C7341ED94952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAA8C532-04F2-4F61-86AD-5289C9E605EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB6ED07-C176-496D-B9CA-F24933D71999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A223BB3-DD5A-48C9-9C82-5D1C4F122828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14973EE-5A2E-4935-8D29-594761502D72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E502388-0A87-4503-8EC9-8A43E8BF43E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3CD168A-2180-44C8-8784-3B32589904BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB30EAAD-5CF0-41DD-909B-C6AD94D88ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "569FAD3A-17DF-424A-AF93-B0720D48D6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BD8ED56-5568-4461-B94A-0B5C1EF8C01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "396FFF60-8F61-43E5-BF0C-A0C319714247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "75872F94-A537-4E57-8325-3426DB5D6C75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A038A64-E659-47BB-B2C6-8FD151684CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82F7C03-C9D3-4B83-AF74-30981EC25431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "02839080-EFB1-4F63-9D4E-45E26D82ECF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C353D0-C579-4C0B-AD7D-9E56353F2BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB87E45-DBC2-4D0F-B4E9-38585D2F92A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "976E5CD0-3A1E-43E6-9C34-B8F1EE1AB863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "179EDC23-2328-4BB6-98D5-7C1A975A0C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B6E723-EC9D-44EF-9DB8-8A229E0ABBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D3CD4F-0C58-46F4-939D-FDF19BC98729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D13FC75-3979-40A8-A1FE-EF86EB15C8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78AE8C3C-53A1-408A-BA23-1EBA1E6A0E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA59C66F-E469-42C1-9745-330E35AE5A26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "244740D0-CACA-4607-964C-F0F46153653D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3487C5-05AD-4553-B123-45F0A51BBA3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "486AB201-5BE7-4947-B18B-DA8F86E5D626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E852D2C6-D744-4311-97B3-CAEF073D6585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "845FBD14-4175-49F1-B762-4F550CEF5B0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E7646B-BC7C-4ED6-925B-268291F31610",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE2063E-5B74-4731-885F-80D2D7B15604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FC647F82-9679-4B26-AFF1-1B43B0AF18B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "046BCC55-F166-4C31-AB2B-815A0DFA2BEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n list_directory en lib/SimpleHTTPServer.py en SimpleHTTPServer en Python anterior a v2.5.6c1, v2.6.x anterior a v2.6.7 RC2, y v2.7.x anterior a v2.7.2 no pone un par\u00e1metro charset en la cabecera Content-Type de HTTP, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos realizar ataques XSS contra Internet Explorer 7 a trav\u00e9s de codificaci\u00f3n UTF-7."
    }
  ],
  "id": "CVE-2011-4940",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-27T10:18:36.433",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.python.org/issue11442"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jvn.jp/en/jp/JVN51176027/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50858"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/51024"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/51040"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/54083"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1592-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1596-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1613-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1613-2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.python.org/issue11442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN51176027/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1592-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1596-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1613-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1613-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803500"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2012-AVI-663

Vulnerability from certfr_avis - Published: 2012-11-19 - Updated: 2012-11-19

De multiples vulnérabilités ont été corrigées dans VMware ESX et ESXi Server. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance au moyen d'enregistrements DNS spécialement conçus.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	ESXi	VMware ESXi version 4.1 sans le patch ESXi410-201211401-SG
	VMware	ESXi	VMware ESX version 4.1 sans les patches ESX410-201211401-SG, ESX410-201211402-SG, ESX410-201211405-SG et ESX410-201211407-SG

References

Title

Publication Time

GSD-2011-4940

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-4940

Aliases

CVE-2011-4940

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-4940",
    "description": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.",
    "id": "GSD-2011-4940",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-4940.html",
      "https://access.redhat.com/errata/RHSA-2012:0745",
      "https://access.redhat.com/errata/RHSA-2012:0744",
      "https://alas.aws.amazon.com/cve/html/CVE-2011-4940.html",
      "https://linux.oracle.com/cve/CVE-2011-4940.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-4940"
      ],
      "details": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.",
      "id": "GSD-2011-4940",
      "modified": "2023-12-13T01:19:05.176656Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-4940",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/50858",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/50858"
          },
          {
            "name": "http://secunia.com/advisories/51024",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/51024"
          },
          {
            "name": "http://secunia.com/advisories/51040",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/51040"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1596-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1596-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1613-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1613-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1613-2",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1613-2"
          },
          {
            "name": "http://bugs.python.org/issue11442",
            "refsource": "MISC",
            "url": "http://bugs.python.org/issue11442"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN51176027/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN51176027/index.html"
          },
          {
            "name": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063",
            "refsource": "MISC",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063"
          },
          {
            "name": "http://www.securityfocus.com/bid/54083",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/54083"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1592-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1592-1"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=803500",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803500"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4940"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=803500",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803500"
            },
            {
              "name": "http://bugs.python.org/issue11442",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.python.org/issue11442"
            },
            {
              "name": "JVNDB-2012-000063",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063"
            },
            {
              "name": "JVN#51176027",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN51176027/index.html"
            },
            {
              "name": "USN-1596-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1596-1"
            },
            {
              "name": "USN-1613-2",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1613-2"
            },
            {
              "name": "USN-1613-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1613-1"
            },
            {
              "name": "USN-1592-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1592-1"
            },
            {
              "name": "54083",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/54083"
            },
            {
              "name": "51040",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/51040"
            },
            {
              "name": "50858",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/50858"
            },
            {
              "name": "51024",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/51024"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T03:24Z",
      "publishedDate": "2012-06-27T10:18Z"
    }
  }
}

GHSA-CR6H-6CQX-MW3F

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-4940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-06-27T10:18:00Z",
    "severity": "LOW"
  },
  "details": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.",
  "id": "GHSA-cr6h-6cqx-mw3f",
  "modified": "2022-05-13T01:31:00Z",
  "published": "2022-05-13T01:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4940"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2012:0744"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2012:0745"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2011-4940"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803500"
    },
    {
      "type": "WEB",
      "url": "http://bugs.python.org/issue11442"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN51176027/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50858"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51024"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51040"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/54083"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1592-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1596-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1613-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1613-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

JVNDB-2012-000063

Vulnerability from jvndb - Published: 2012-06-19 14:38 - Updated:2012-12-26 18:01

Severity ?

N/A (UNKNOWN) - -

Summary

Python SimpleHTTPServer vulnerable to cross-site scripting

Details

The SimpleHTTPServer in Python contains a cross-site scripting vulnerability. Keigo Yamazaki of Little eArth Corporation Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN51176027/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4940
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4940
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Python Software Foundation	Python
	VMware	VMware ESX

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000063.html",
  "dc:date": "2012-12-26T18:01+09:00",
  "dcterms:issued": "2012-06-19T14:38+09:00",
  "dcterms:modified": "2012-12-26T18:01+09:00",
  "description": "The SimpleHTTPServer in Python contains a cross-site scripting vulnerability.\r\n\r\nKeigo Yamazaki of Little eArth Corporation Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000063.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:python:python",
      "@product": "Python",
      "@vendor": "Python Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:esx",
      "@product": "VMware ESX",
      "@vendor": "VMware",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2012-000063",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN51176027/index.html",
      "@id": "JVN#51176027",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4940",
      "@id": "CVE-2011-4940",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4940",
      "@id": "CVE-2011-4940",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Python SimpleHTTPServer vulnerable to cross-site scripting"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-4940 (GCVE-0-2011-4940)

FKIE_CVE-2011-4940

CERTA-2012-AVI-663

Solution

GSD-2011-4940

GHSA-CR6H-6CQX-MW3F

JVNDB-2012-000063

Tags

Sightings

Nomenclature