Описание
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| hardy | released | 2.4.5-1ubuntu4.4 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 2.5.2-2ubuntu6.2 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.5-1ubuntu6.1 |
| maverick | ignored | end of life |
| natty | released | 2.6.6-6ubuntu7.1 |
| oneiric | not-affected | 2.6.7-4ubuntu1 |
| precise | DNE | |
| upstream | released | 2.6.7 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 2.7.2~rc1-2 |
| hardy | DNE | |
| lucid | DNE | |
| maverick | ignored | end of life |
| natty | released | 2.7.1-5ubuntu2.2 |
| oneiric | not-affected | 2.7.2~rc1-2 |
| precise | not-affected | 2.7.2~rc1-2 |
| upstream | released | 2.7.2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 3.1.2-0ubuntu3.1 |
| maverick | released | 3.1.2+20100915-0ubuntu4.1 |
| natty | released | 3.1.3-1ubuntu1.1 |
| oneiric | DNE | |
| precise | DNE | |
| upstream | released | 3.1.4 rc1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 3.2.1~rc1-1 |
| hardy | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | released | 3.2-1ubuntu1.1 |
| oneiric | not-affected | 3.2.1~rc1-1 |
| precise | not-affected | 3.2.1~rc1-1 |
| upstream | released | 3.2.1 |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x befo ...
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
ELSA-2011-0554: python security, bug fix, and enhancement update (MODERATE)
EPSS
6.4 Medium
CVSS2