LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

python: cross-site scripting

Package(s):python CVE #(s):CVE-2011-4940
Created:June 18, 2012 Updated:October 18, 2012
Description: From the Red Hat advisory:

A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers).

Alerts:
Red Hat RHSA-2012:0744-01 2012-06-18
Red Hat RHSA-2012:0745-01 2012-06-18
CentOS CESA-2012:0745 2012-06-18
Scientific Linux SL-pyth-20120618 2012-06-18
Scientific Linux SL-pyth-20120618 2012-06-18
CentOS CESA-2012:0744 2012-06-18
Oracle ELSA-2012-0744 2012-06-19
Oracle ELSA-2012-0745 2012-06-19
Mandriva MDVSA-2012:096 2012-06-20
Mandriva MDVSA-2012:096-1 2012-07-02
Ubuntu USN-1592-1 2012-10-02
Ubuntu USN-1596-1 2012-10-04
Ubuntu USN-1613-2 2012-10-17
Ubuntu USN-1613-1 2012-10-17
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds