CVE-2011-4940

Priority
Description
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer
in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2
does not place a charset parameter in the Content-Type HTTP header, which
makes it easier for remote attackers to conduct cross-site scripting (XSS)
attacks against Internet Explorer 7 via UTF-7 encoding.
Notes
 tyhicks> A duplicate CVE was incorrectly assigned as CVE-2012-2639
Assigned-to
jdstrand
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Package
Upstream: released (2.7.2-8)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2.7.2-13ubuntu5)
Patches:
Upstream: http://hg.python.org/cpython/rev/e9724d7abbc2/
More Information

Updated: 2019-01-14 22:00:53 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)