Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2011-1015

EPSS 0.25% · P48
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2011-1015

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Python CGIHTTPServer模块CGIHTTPServer.py is_cgi方法信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Python是Python软件基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python 2.5,2.6和3.0版本中的CGIHTTPServer模块的CGIHTTPServer.py中的is_cgi方法中存在信息泄露漏洞。由于该模块没有正确过滤用户提供的输入,导致访问任意脚本内的敏感信息,远程攻击者可以借助HTTP GET请求读取脚本源代码,该请求在URI始端缺少/(斜杠)字符。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2011-1015

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2011-1015

Please Login to view more intelligence information

Same Patch Batch · n/a · 2011-05-09 · 18 CVEs total

CVE-2011-1013Linux kernel和OpenBSD drm_modeset_ctl函数整数符号错误漏洞
CVE-2011-2022Linux Kernel drivers/char/agp/generic.c agp_generic_remove_memory函数权限提升漏洞
CVE-2011-1747Linux kernel agp子系统拒绝服务漏洞
CVE-2011-1746Linux kernel drivers/char/agp/generic.c多个整数溢出漏洞
CVE-2011-1745Linux kernel drivers/char/agp/generic.c agp_generic_insert_memory函数整数溢出漏洞
CVE-2011-1547NetBSD IPComp负载压缩多个栈消耗漏洞
CVE-2011-1324Buffalotech系列路由器管理屏幕多个跨站请求伪造漏洞
CVE-2011-1323Yamaha RT系列路由器IP头解析拒绝服务漏洞
CVE-2011-1090Linux kernel fs/nfs/nfs4proc.c __nfs4_proc_set_acl函数拒绝服务漏洞
CVE-2010-4284Samsung Data Management Server SQL注入漏洞
CVE-2011-1907ISC BIND Response Policy Zones RRSIG Query拒绝服务漏洞
CVE-2011-1789VMware vCenter/ESXi/ESX vSphere客户端self-extracting安装程序欺骗漏洞
CVE-2011-1788VMware vCenter Server信息泄露漏洞
CVE-2011-1748Linux kernel net/can/raw.c raw_release函数拒绝服务漏洞
CVE-2011-1598Linux kernel net/can/bcm.c bcm_release函数拒绝服务漏洞
CVE-2011-1574Konstanty_Bialkowski Libmodplug栈缓冲区错误漏洞
CVE-2011-0426VMware vCenter和VirtualCenter Server目录遍历漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2011-1015

No comments yet

Leave a comment