Veracode Vulnerability DatabaseVERACODE:24489Denial Of Service (DoS)
0.136 Low
EPSS
Percentile
95.6%
Python is vulnerable to denail of service (DoS). Due to a flaw found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects, it caused Python applications using these modules to follow any new URL that they understood, including the “file://” URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.
References
bugs.python.org/issue11662
hg.python.org/cpython/file/96a6c128822b/Misc/NEWS
hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS
hg.python.org/cpython/rev/96a6c128822b/
hg.python.org/cpython/rev/b2934d98dac1/
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
openwall.com/lists/oss-security/2011/03/24/5
openwall.com/lists/oss-security/2011/03/28/2
openwall.com/lists/oss-security/2011/09/11/1
openwall.com/lists/oss-security/2011/09/13/2
openwall.com/lists/oss-security/2011/09/15/5
secunia.com/advisories/50858
secunia.com/advisories/51024
secunia.com/advisories/51040
securitytracker.com/id?1025488
support.apple.com/kb/HT5002
www.mandriva.com/security/advisories?name=MDVSA-2011:096
www.ubuntu.com/usn/USN-1592-1
www.ubuntu.com/usn/USN-1596-1
www.ubuntu.com/usn/USN-1613-1
www.ubuntu.com/usn/USN-1613-2
access.redhat.com/errata/RHSA-2011:0491
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=690560
bugzilla.redhat.com/show_bug.cgi?id=737366
rhn.redhat.com/errata/RHSA-2009-1625.html
www.djangoproject.com/weblog/2011/sep/09/
www.djangoproject.com/weblog/2011/sep/10/127/
Related
