CVE Reference: CVE-2011-1521

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2011-1521

Description:
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/USN-1596-1
  http://www.ubuntu.com/usn/USN-1613-2
  http://www.ubuntu.com/usn/USN-1592-1
  http://www.ubuntu.com/usn/USN-1613-1

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

ST
  1025488

SAID
  Secunia Advisory: SA50858
  Secunia Advisory: SA51024
  Secunia Advisory: SA51040

MLIST
  http://openwall.com/lists/oss-security/2011/09/15/5
  http://openwall.com/lists/oss-security/2011/09/13/2
  http://openwall.com/lists/oss-security/2011/09/11/1
  http://openwall.com/lists/oss-security/2011/03/28/2
  http://openwall.com/lists/oss-security/2011/03/24/5

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:096

CONFIRM
  http://support.apple.com/kb/HT5002
  http://hg.python.org/cpython/rev/b2934d98dac1/
  http://hg.python.org/cpython/rev/96a6c128822b/
  http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS
  http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS
  http://bugs.python.org/issue11662

APPLE
  http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html


Return to the previous page.