oss-sec mailing list archives
CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 24 Mar 2011 17:59:33 +0100
Hello Steve, vendors,

A security flaw was found in the way handlers for ftp:// and file:// URL schemes in the Python urllib and urllib2 extensible libraries processed the urllib open URL request. A remote attacker could use this flaw to access sensitive information or cause a denial of service (excessive CPU and memory use) of a Python web application, processing URLs, via a specially-crafted urllib open URL request.

References:
[1] http://bugs.python.org/issue11662
[2] https://bugzilla.redhat.com/show_bug.cgi?id=690560

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
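Added example (not part of the original message and not CPython's own code): one way an application that opens caller-supplied URLs can refuse ftp:// and file:// outright, on the initial request and on any redirect target. It uses Python 3's urllib.request, the successor of urllib/urllib2; the names check_scheme, StrictRedirectHandler, build_strict_opener and safe_open are hypothetical, and the http/https-only allowlist is an assumption about what the application needs.

```python
import urllib.request
from urllib.parse import urlsplit

ALLOWED_SCHEMES = frozenset({"http", "https"})  # assumption: app only needs web URLs


class SchemeNotAllowed(ValueError):
    """Raised when a URL uses a scheme outside ALLOWED_SCHEMES."""


def check_scheme(url):
    """Return url unchanged if its scheme is allowed, else raise."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise SchemeNotAllowed("refusing %r URL: %s" % (scheme, url))
    return url


class StrictRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Apply the same allowlist to every redirect target."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        check_scheme(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_strict_opener():
    """Build an opener with no FileHandler or FTPHandler registered."""
    opener = urllib.request.OpenerDirector()
    for handler in (
        urllib.request.UnknownHandler(),
        urllib.request.HTTPHandler(),
        urllib.request.HTTPSHandler(),
        urllib.request.HTTPDefaultErrorHandler(),
        StrictRedirectHandler(),
        urllib.request.HTTPErrorProcessor(),
    ):
        opener.add_handler(handler)
    return opener


def safe_open(url, timeout=10):
    """Open a caller-supplied URL; only http/https is ever dereferenced."""
    return build_strict_opener().open(check_scheme(url), timeout=timeout)
```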