SecurityTracker.com

SecurityTracker
Archives

Category:   Application (Generic)  >   Python
Vendors:   Python.org
Python urllib Redirection Flaw Lets Remote Servers Deny Service and Obtain Files
SecurityTracker Alert ID:  1025488
SecurityTracker URL:  http://securitytracker.com/id/1025488
CVE Reference:   CVE-2011-1521
Date:  May 5 2011
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.4.6, 2.6.5
Description:   A vulnerability was reported in Python. A remote user can cause denial of service conditions. A remote user can obtain files on the target system.

A remote server can return a specially crafted HTTP 302 redirect whose Location points at a 'file://' resource; the connected application follows the redirect and loads that local file, allowing the server to read a file on the connected system or to make the application consume excessive resources.

The urllib and urllib2 modules are affected.

Impact:   A remote server can cause denial of service conditions on the connected application.

A remote server can access files on the system running the connected application.

Solution:   The vendor has issued a fix (2.6.7).

The vendor's advisory is available at:

http://bugs.python.org/issue11662

Vendor URL:  www.python.org/
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
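The check that closes this class of flaw is small: resolve every Location header against the URL that produced it, refuse any target whose scheme is not http or https, and cap the number of hops. The program below is an added illustration of that policy and is not Python's own urllib code or the vendor's patch. The host example.test, the response table, the MAX_REDIRECTS value of 5 and the function names (resolve_redirect, follow_redirects, StrictRedirectHandler, outcome) are all assumptions made for the example; the server responses are constructed in-process so nothing touches the network.

```python
"""Redirect-target validation of the kind the CVE-2011-1521 fix introduced.

Added illustration, not CPython's urllib code: every Location header is
resolved against the requesting URL, targets outside an http/https allowlist
(a 302 to file://..., for instance) are refused before any fetch, and the
number of hops is capped so a server cannot chain redirects without end.
"""
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit
import urllib.request

ALLOWED_SCHEMES = frozenset({"http", "https"})
MAX_REDIRECTS = 5          # assumed policy value; urllib.request's own default is 10
REDIRECT_CODES = (301, 302, 303, 307, 308)


class RedirectRefused(Exception):
    """Raised when a redirect target is rejected or the hop budget runs out."""


def resolve_redirect(base_url, location):
    """Resolve a Location header value against the URL that produced it.

    Returns the absolute target, or None when its scheme is not allowed.
    Relative and protocol-relative Locations inherit the base scheme and pass;
    file:, ftp:, data: and every other absolute scheme are rejected.
    """
    target = urljoin(base_url, location.strip())
    if urlsplit(target).scheme.lower() not in ALLOWED_SCHEMES:
        return None
    return target


def follow_redirects(fetch, url, max_redirects=MAX_REDIRECTS):
    """Follow redirects via an injected `fetch(url) -> (status, headers, body)`.

    `fetch` is a parameter so the policy can be exercised offline; a real
    client would wrap http.client or urllib.request. Returns (final_url, body).
    """
    for _ in range(max_redirects + 1):
        status, headers, body = fetch(url)
        if status not in REDIRECT_CODES:
            return url, body
        location = headers.get("Location")
        if location is None:
            return url, body                  # redirect without Location: final
        target = resolve_redirect(url, location)
        if target is None:
            raise RedirectRefused("%s redirected to disallowed %r" % (url, location))
        url = target
    raise RedirectRefused("more than %d redirects; last target %s" % (max_redirects, url))


class StrictRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Handler for urllib.request.build_opener that applies the same allowlist.

    Current CPython already refuses non-http/https/ftp targets inside
    HTTPRedirectHandler.http_error_302; this subclass shows where an
    application pins its own, tighter policy (no ftp).
    """

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        target = resolve_redirect(req.full_url, newurl)
        if target is None:
            raise HTTPError(req.full_url, code,
                            "redirect to %r refused by scheme allowlist" % newurl,
                            headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, target)


# Constructed responses standing in for a remote server (no network involved).
CONSTRUCTED_RESPONSES = {
    "http://example.test/start": (302, {"Location": "/final"}, b""),
    "http://example.test/final": (200, {}, b"ok"),
    "http://example.test/evil":  (302, {"Location": "file:///constructed/local/file"}, b""),
    "http://example.test/loop":  (302, {"Location": "http://example.test/loop"}, b""),
}


def constructed_fetch(url):
    """Look up a constructed response; unknown URLs get a 404."""
    return CONSTRUCTED_RESPONSES.get(url, (404, {}, b"not found"))


def outcome(url, fetch=constructed_fetch):
    """Run the policy from one start URL and summarise the result as a string."""
    try:
        final_url, body = follow_redirects(fetch, url)
        return "ok:%s:%s" % (final_url, body.decode())
    except RedirectRefused as exc:
        return "refused:%s" % exc


if __name__ == "__main__":
    for start in ("/start", "/evil", "/loop"):
        print(start, "->", outcome("http://example.test" + start))
```

Running the block shows the three cases: an ordinary relative redirect is followed, the redirect to file:// is refused before anything is read, and the self-redirect is cut off once the hop budget is spent. Applications on a patched interpreter get the scheme check for free, but pinning an explicit allowlist in their own handler keeps the behaviour independent of which urllib defaults they happen to run on.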

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 5 2011 (Red Hat Issues Fix) Python urllib Redirection Flaw Lets Remote Servers Deny Service and Obtain Files
Red Hat has issued a fix for Red Hat Enterprise Linux 4.
May 5 2011 (Red Hat Issues Fix) Python urllib Redirection Flaw Lets Remote Servers Deny Service and Obtain Files
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
May 19 2011 (Red Hat Issues Fix) Python urllib Redirection Flaw Lets Remote Servers Deny Service and Obtain Files
Red Hat has issued a fix for Red Hat Enterprise Linux 6.

Copyright 2019, SecurityGlobal.net LLC