CVE-2011-4940

Priority
Description
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer
in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2
does not place a charset parameter in the Content-Type HTTP header, which
makes it easier for remote attackers to conduct cross-site scripting (XSS)
attacks against Internet Explorer 7 via UTF-7 encoding.
Assigned-to
jdstrand
Notes
tyhicks: A duplicate CVE was incorrectly assigned as CVE-2012-2639
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (2.7.2-8)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2.7.2-13ubuntu5)
Patches:
Upstream: http://hg.python.org/cpython/rev/e9724d7abbc2/

Updated: 2019-12-05 20:58:24 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)