Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2011-1015

Published: 09/05/2011 Updated: 25/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Python

Vulnerability Summary

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote malicious users to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python python 3.0

Vendor Advisories

Debian CVElist Bug Report Logs: python2.6: distutils creates .pypirc insecurely
Debian Bug report logs - #615118 python26: distutils creates pypirc insecurely Package: python26; Maintainer for python26 is (unknown); Reported by: Jakub Wilk <jwilk@debianorg> Date: Fri, 25 Feb 2011 21:09:01 UTC Severity: important Tags: security Found in version python26/266-8 Fixed in version python26/268-1 ...
Ubuntu Security Notice: python2.4 vulnerabilities
Several security issues were fixed in Python 24 ...
Ubuntu Security Notice: python2.5 vulnerabilities
Several security issues were fixed in Python 25 ...
Ubuntu Security Notice: python2.6 vulnerabilities
Several security issues were fixed in Python 26 ...

References

CWE-200http://openwall.com/lists/oss-security/2011/02/24/10http://www.securityfocus.com/bid/46541http://hg.python.org/cpython/rev/c6c4398293bd/http://svn.python.org/view?view=revision&revision=71303http://openwall.com/lists/oss-security/2011/02/23/27http://securitytracker.com/id?1025489https://bugzilla.redhat.com/show_bug.cgi?id=680094http://bugs.python.org/issue2254http://www.mandriva.com/security/advisories?name=MDVSA-2011:096http://www.ubuntu.com/usn/USN-1596-1http://www.ubuntu.com/usn/USN-1613-2http://www.ubuntu.com/usn/USN-1613-1http://secunia.com/advisories/51040http://secunia.com/advisories/50858http://secunia.com/advisories/51024https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615118https://nvd.nist.govhttps://usn.ubuntu.com/1613-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook