Fluid Attacks Database

Description

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	python2.7	>=0 <2.7.1-7	2.7.1-7
rpm rhel5	python	<0:2.4.3-44.el5	0:2.4.3-44.el5
rpm rhel6	python	<0:2.6.6-20.el6	0:2.6.6-20.el6
rpm rhel6	python-docs	<0:2.6.6-2.el6	0:2.6.6-2.el6

Aliases

1. CVE-2011-15212. NVD-2011-15213. OSV-DEBIAN-2011-15214. OSV-2011-15215. SECURITY-TRACKER-CVE-2011-1521

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.