Python CGIHTTPServer Module Information Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with Python and is prone to Information Disclosure vulnerability.

Impact

Successful exploitation could allow attackers to gain access to potentially sensitive information contained in arbitrary scripts by requesting cgi script without / in the beginnig of URL.

Solution

Apply the patch from below link, http://svn.python.org/view?view=revision&revision=71303 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

The flaw is due to an error when handling 'is_cgi' method in 'CGIHTTPServer.py' in the 'CGIHTTPServer module', which allows an attcker to supply a specially crafted request without the leading '/' character to the CGIHTTPServer.

Affected

Python version 2.5, 2.6, and 3.0

References

http://bugs.python.org/issue2254
http://hg.python.org/cpython/rev/c6c4398293bd/
http://securitytracker.com/id?1025489

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1015
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
AOLserver Default Password
Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
Apple iTunes Multiple Vulnerabilities - Apr10
Adobe Reader Information Disclosure Vulnerability Jun05 (Windows)

Take action and discover your vulnerabilities