Description
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
Remediation
References
Related Vulnerabilities
WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)
WordPress Plugin Enmask Captcha Malicious Redirects (1.3)
WordPress Plugin Register Plus 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities (3.5.1)