Release date:
Updated on:
Affected Systems:
Python python 2.6.x
Python 2.4.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 47024
Cve id: CVE-2011-1521
Python is a disruptive, interactive, and open-source object-oriented programming language, similar to Perl, Tcl, Scheme, or Java.
Python "urllib" and "urllib2" modules have information leakage and DoS Vulnerabilities. Remote attackers can exploit this vulnerability to obtain sensitive information or consume too much CPU and memory resources, resulting in DOS.
Python urllib and urllib2 modules are usually used to obtain web pages. By default, they also contain the ftp: // and file: // URL Processing programs. However, the Web server can redirect (HTTP 302) urllib requests to any supported scheme.
<* Source: Guido van rosum
Link: http://bugs.python.org/issue11662
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Python
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Www.python.org