CVE Vulnerabilities

CVE-2011-1521

Published: May 24, 2011 | Modified: Oct 25, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Affected Software

Name Vendor Start Version End Version
Python Python 2.4.2 2.4.2
Python Python 2.5.1 2.5.1
Python Python 2.3.4 2.3.4
Python Python 2.6.6 2.6.6
Python Python 2.1 2.1
Python Python 2.0.1 2.0.1
Python Python 2.6.1 2.6.1
Python Python 2.3.1 2.3.1
Python Python 2.1.2 2.1.2
Python Python 2.2.1 2.2.1
Python Python 2.5.4 2.5.4
Python Python 2.2.2 2.2.2
Python Python 2.1.1 2.1.1
Python Python 2.3.3 2.3.3
Python Python 2.7.1 2.7.1
Python Python 2.3.2 2.3.2
Python Python 2.6.7 2.6.7
Python Python 2.4.6 2.4.6
Python Python 2.0 2.0
Python Python 2.2.3 2.2.3
Python Python 2.5.2 2.5.2
Python Python 2.3.7 2.3.7
Python Python 2.6.4 2.6.4
Python Python 2.5.3 2.5.3
Python Python 2.4.4 2.4.4
Python Python 2.2 2.2
Python Python 2.3.5 2.3.5
Python Python 2.1.3 2.1.3
Python Python 2.4.1 2.4.1
Python Python 2.4.3 2.4.3
Python Python 2.6.5 2.6.5

References