Description
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
Remediation
References
Related Vulnerabilities
WordPress Plugin wp-picasa-image Cross-Site Scripting (1.0)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-40601)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0304)
MySQL CVE-2020-14878 Vulnerability (CVE-2020-14878)
WordPress Plugin MailPoet Newsletters (Previous) Multiple Unspecified Vulnerabilities (2.7.1)