Description

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Remediation

References

CVE-2011-1521

Related Vulnerabilities

WordPress Plugin Password Vault Cross-Site Scripting (1.8.2)

Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2476)

WordPress Plugin Widget Logic Cross-Site Request Forgery (5.10.2)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

WordPress Plugin Customer Service Software & Support Ticket System Cross-Site Scripting (5.5.1)

Severity

Medium

Classification

CVE-2011-1521

Tags

Missing Update Known Vulnerabilities