Описание
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python2.6 | fixed | 2.6.8-1 | package | |
| python2.6 | no-dsa | wheezy | package | |
| python2.5 | unfixed | package | ||
| python2.5 | no-dsa | squeeze | package | |
| python2.5 | no-dsa | lenny | package | |
| python2.4 | removed | package | ||
| python2.4 | no-dsa | lenny | package |
Примечания
Python 2.7 and 3.1 are fixed
http://bugs.python.org/issue2254
EPSS
Связанные уязвимости
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
ELSA-2011-0554: python security, bug fix, and enhancement update (MODERATE)
EPSS