Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2011-1015
Last Modified 14 May 2013 11:16:47
Published 09 May 2011 06:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1015

Summary

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

Vulnerable Systems

Application

  • Python 2.5

  • Python 2.6

  • Python 3.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=680094

CONFIRM - http://svn.python.org/view?view=revision&revision=71303

MLIST - [oss-security] 20110224 Re: CVE request: Information disclosure in CGIHTTPServer from Python

MLIST - [oss-security] 20110223 CVE request: Information disclosure in CGIHTTPServer from Python

CONFIRM - http://hg.python.org/cpython/rev/c6c4398293bd/

CONFIRM - http://bugs.python.org/issue2254

BID - 46541

MANDRIVA - MDVSA-2011:096

SECTRACK - 1025489

UBUNTU - USN-1596-1

UBUNTU - USN-1613-2

UBUNTU - USN-1613-1

SECUNIA - 51040

SECUNIA - 51024

SECUNIA - 50858

Related Patches

Novell SUSE 2012:6310 python-randomisation-update security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6310 python-randomisation-update security update for SLE 11 SP1 i586

Novell SUSE 2012:8080 python security update for SLE 10 SP4 x86_64

Novell SUSE 2012:8080 python security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 11:00:58