VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 27, 2012· Updated Apr 29, 2026

CVE-2011-4940

CVE-2011-4940

Description

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

40
  • Python (programming language)/Python39 versions
    cpe:2.3:a:python:python:*:*:*:*:*:*:*:*+ 38 more
    • cpe:2.3:a:python:python:*:*:*:*:*:*:*:*range: <=2.5.6
    • cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*
  • Python (programming language)/SimpleHTTPServerllm-create
    Range: before 2.5.6c1, 2.6.x before 2.6.7 rc2, 2.7.x before 2.7.2

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.