6.4

CVE-2011-1521

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version2.0
PythonPython Version2.0.1
PythonPython Version2.1
PythonPython Version2.1.1
PythonPython Version2.1.2
PythonPython Version2.1.3
PythonPython Version2.2
PythonPython Version2.2.1
PythonPython Version2.2.2
PythonPython Version2.2.3
PythonPython Version2.3.1
PythonPython Version2.3.2
PythonPython Version2.3.3
PythonPython Version2.3.4
PythonPython Version2.3.5
PythonPython Version2.3.7
PythonPython Version2.4.1
PythonPython Version2.4.2
PythonPython Version2.4.3
PythonPython Version2.4.4
PythonPython Version2.4.6
PythonPython Version2.5.1
PythonPython Version2.5.2
PythonPython Version2.5.3
PythonPython Version2.5.4
PythonPython Version2.6.1
PythonPython Version2.6.4
PythonPython Version2.6.5
PythonPython Version2.6.6
PythonPython Version2.6.7
PythonPython Version2.7.1
PythonPython Version3.0
PythonPython Version3.0.1
PythonPython Version3.1
PythonPython Version3.1.1
PythonPython Version3.1.2
PythonPython Version3.1.3
PythonPython Version3.2
PythonPython Version3.2 Updatealpha
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.27% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/50858
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://support.apple.com/kb/HT5002
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:096
http://bugs.python.org/issue11662
Patch
http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS
http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS
http://hg.python.org/cpython/rev/96a6c128822b/
Patch
http://hg.python.org/cpython/rev/b2934d98dac1/
Patch
http://openwall.com/lists/oss-security/2011/03/24/5
http://openwall.com/lists/oss-security/2011/03/28/2
http://openwall.com/lists/oss-security/2011/09/11/1
http://openwall.com/lists/oss-security/2011/09/13/2
http://openwall.com/lists/oss-security/2011/09/15/5
http://securitytracker.com/id?1025488
http://www.ubuntu.com/usn/USN-1592-1
https://bugzilla.redhat.com/show_bug.cgi?id=690560
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=737366
https://www.djangoproject.com/weblog/2011/sep/09/
https://www.djangoproject.com/weblog/2011/sep/10/127/