Description

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Remediation

References

CVE-2011-1521

Related Vulnerabilities

Drupal Core 7.x Security Bypass (7.0 - 7.4)

WordPress Plugin Redirection for Contact Form 7 Multiple Vulnerabilities (2.3.3)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16335)

WordPress Plugin White Label CMS PHP Object Injection (2.4)

Moodle Resource Management Errors Vulnerability (CVE-2014-7847)

Severity

Medium

Classification

CVE-2011-1521

Tags

Missing Update Known Vulnerabilities