Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
CVE ID: | CVE-2011-4940 |
Description: | The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content- Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. |
Test IDs: | None available |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-4940 BugTraq ID: 54083 http://www.securityfocus.com/bid/54083 http://jvn.jp/en/jp/JVN51176027/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://www.ubuntu.com/usn/USN-1592-1 http://www.ubuntu.com/usn/USN-1596-1 http://www.ubuntu.com/usn/USN-1613-1 http://www.ubuntu.com/usn/USN-1613-2 |