CVE-2011-4940
Description
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.236
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2012:0745) Moderate: python security update python-2.4.3-46.el5_8.2.i386.rpm | Linux |
| (RHSA-2012:0745) Moderate: python security update python-2.4.3-46.el5_8.2.x86_64.rpm | Linux |
| (RHSA-2012:0745) Moderate: python security update python-devel-2.4.3-46.el5_8.2.i386.rpm | Linux |
| (RHSA-2012:0745) Moderate: python security update python-devel-2.4.3-46.el5_8.2.x86_64.rpm | Linux |
| (RHSA-2012:0745) Moderate: python security update python-libs-2.4.3-46.el5_8.2.i386.rpm | Linux |
| (RHSA-2012:0745) Moderate: python security update python-libs-2.4.3-46.el5_8.2.x86_64.rpm | Linux |
| (RHSA-2012:0745) Moderate: python security update python-tools-2.4.3-46.el5_8.2.i386.rpm | Linux |
| (RHSA-2012:0745) Moderate: python security update python-tools-2.4.3-46.el5_8.2.x86_64.rpm | Linux |
| (RHSA-2012:0745) Moderate: python security update tkinter-2.4.3-46.el5_8.2.i386.rpm | Linux |
| (RHSA-2012:0745) Moderate: python security update tkinter-2.4.3-46.el5_8.2.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234