Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2639

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-2639
Last Modified 25 Jun 2012 03:00:00
Published 25 Jun 2012 09:23:42
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-2639

Summary

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

Vulnerable Systems

Application

  • Python 0.9.0

  • Python 0.9.1

  • Python 1.2

  • Python 1.3

  • Python 1.5.2

  • Python 1.6

  • Python 1.6.1

  • Python 2.0.1

  • Python 2.1.1

  • Python 2.1.2

  • Python 2.1.3

  • Python 2.2.1

  • Python 2.2.2

  • Python 2.2.3

  • Python 2.3.1

  • Python 2.3.2

  • Python 2.3.3

  • Python 2.3.4

  • Python 2.3.5

  • Python 2.3.7

  • Python 2.4.1

  • Python 2.4.2

  • Python 2.4.3

  • Python 2.4.4

  • Python 2.4.6

  • Python 2.5.1

  • Python 2.5.2

  • Python 2.5.3

  • Python 2.5.4

  • Python 2.5.6

  • Python 2.6.1

  • Python 2.6.2

  • Python 2.6.3

  • Python 2.6.4

  • Python 2.6.5

  • Python 2.6.6

  • Python 2.7

  • Python 2.7.1

  • Python 2.7.2


References

JVNDB - JVNDB-2012-000063

JVN - JVN#51176027

CONFIRM - http://bugs.python.org/issue11442


Last Updated: 27 May 2016 10:56:35