5

CVE-2011-1015

Exploit
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.92% 0.89
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/50858
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
http://bugs.python.org/issue2254
Patch
Exploit
http://hg.python.org/cpython/rev/c6c4398293bd/
Patch
http://openwall.com/lists/oss-security/2011/02/23/27
Patch
Exploit
http://openwall.com/lists/oss-security/2011/02/24/10
Patch
Exploit
http://securitytracker.com/id?1025489
http://svn.python.org/view?view=revision&revision=71303
Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2011:096
http://www.securityfocus.com/bid/46541
https://bugzilla.redhat.com/show_bug.cgi?id=680094
Patch
Exploit