Описание
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | released | 2.4.5-1ubuntu4.4 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | released | 2.5.2-2ubuntu6.2 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| upstream | released | 2.5.6 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 2.6.5-1ubuntu6.1 |
| maverick | ignored | end of life |
| natty | released | 2.6.6-6ubuntu7.1 |
| oneiric | not-affected | 2.6.7-4ubuntu1 |
| precise | DNE | |
| upstream | released | 2.6.7-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.7.2-13ubuntu5 |
| hardy | DNE | |
| lucid | DNE | |
| maverick | ignored | end of life |
| natty | released | 2.7.1-5ubuntu2.2 |
| oneiric | not-affected | 2.7.2-5ubuntu1 |
| precise | not-affected | 2.7.2-13ubuntu5 |
| upstream | released | 2.7.2-8 |
Показывать по
Ссылки на источники
2.6 Low
CVSS2
Связанные уязвимости
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPSe ...
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
2.6 Low
CVSS2