N/A
CVE-2011-4940
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
EPSS
0.3%
percentile 50.9%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| python | python | Windows | ≤2.5.6 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:* |
| python | python | Windows | — | cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:* |