oss-sec mailing list archives
CVE-2012-2639 reject request (duplicate of CVE-2011-4940)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 26 Jun 2012 14:44:48 +0200
Hello Steve, vendors,

due to the recently assigned CVE-2012-2639:

======================================================
Name: CVE-2012-2639
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2639
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20120514
Category:
Reference: CONFIRM:http://bugs.python.org/issue11442
Reference: JVN:JVN#51176027
Reference: URL:http://jvn.jp/en/jp/JVN51176027/index.html
Reference: JVNDB:JVNDB-2012-000063
Reference: URL:http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063

The list_directory function in Lib/SimpleHTTPServer.py in
SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and
2.7.x before 2.7.2 does not place a charset parameter in the
Content-Type HTTP header, which makes it easier for remote attackers
to conduct cross-site scripting (XSS) attacks against Internet
Explorer 7 via UTF-7 encoding.

Could you reject it? (as it is a duplicate of CVE-2011-4940):

https://bugzilla.redhat.com/show_bug.cgi?id=835496#c2
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4940
http://www.openwall.com/lists/oss-security/2012/03/15/1

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
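
A header check for the condition the CVE description above names (an HTML response with no charset parameter in Content-Type), given as an added example that is not part of the original message or of Python's own code. The function names, the list of markup types and the sample header blocks are constructed for illustration.

```python
from email.parser import HeaderParser

# Media types a browser renders as markup (assumed list for this example).
MARKUP_TYPES = {"text/html", "application/xhtml+xml"}


def charset_finding(raw_headers):
    """Return None if the header block is fine, else a short finding string.

    raw_headers: the header lines of one HTTP response, without the status
    line, as newline-separated "Name: value" text.
    """
    msg = HeaderParser().parsestr(raw_headers)
    if msg["Content-Type"] is None:
        return "no Content-Type header"
    ctype = msg.get_content_type()          # lower-cased, parameters stripped
    if ctype not in MARKUP_TYPES:
        return None                         # not rendered as markup
    charset = msg.get_param("charset")      # name match is case-insensitive
    if not charset:                         # absent, or present but empty
        return f"{ctype} without charset"
    return None


def audit(responses):
    """Map each label in {label: raw_headers} to its finding, skipping clean ones."""
    findings = {}
    for label, raw in responses.items():
        finding = charset_finding(raw)
        if finding:
            findings[label] = finding
    return findings


# Constructed header blocks: a listing response as the CVE text describes it,
# the same response with the charset parameter present, and edge cases.
SAMPLES = {
    "listing-no-charset": "Content-type: text/html\nContent-Length: 178\n",
    "listing-with-charset": "Content-type: text/html; charset=utf-8\nContent-Length: 178\n",
    "empty-charset": "Content-Type: text/html; charset=\n",
    "quoted-mixed-case": 'Content-Type: TEXT/HTML; Charset="UTF-8"\n',
    "download": "Content-Type: application/octet-stream\n",
}

if __name__ == "__main__":
    for label, finding in audit(SAMPLES).items():
        print(f"{label}: {finding}")
```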