CGI directory traversal (is_cgi() function)
Warning
This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.
The is_cgi() method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
Dates:
- Disclosure date: 2008-03-07 (Python issue bpo-2254 reported)
Fixed In
- Python 2.7.0 (2010-07-03) fixed by commit 923ba36 (branch 2.7) (2009-04-06)
- Python 3.2.4 (2013-04-06) fixed by commit 923ba36 (branch 2.7) (2009-04-06)
- Python 3.3.1 (2013-04-06) fixed by commit 923ba36 (branch 2.7) (2009-04-06)
- Python 3.4.0 (2014-03-16) fixed by commit 923ba36 (branch 2.7) (2009-04-06)
Python issue
Python CGIHTTPServer information disclosure.
- Python issue: bpo-2254
- Creation date: 2008-03-07
- Reporter: sumar
CVE-2011-1015
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
- CVE ID: CVE-2011-1015
- Published: 2011-05-09
- CVSS Score: 5.0
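The routing decision behind this advisory, reconstructed as an added example (not the CGIHTTPServer module's own code; the directory names, function names and sample targets are assumptions): a raw prefix check of the shape described above misclassifies a request target that lacks a leading slash, while a classifier that canonicalizes the target first dispatches every spelling of the same resource the same way.

```python
import posixpath

# Constructed for this illustration: the directories treated as CGI script roots.
CGI_DIRECTORIES = ["/cgi-bin", "/htbin"]


def is_cgi_prefix_match(path, cgi_directories=CGI_DIRECTORIES):
    """Weak classifier: raw string prefix match on the request target.

    Reconstructed for illustration, not the module's code. A target that does not
    begin with "/" never matches, so the server falls back to static file serving
    and returns the script's source text instead of executing it.
    """
    for directory in cgi_directories:
        n = len(directory)
        if path[:n] == directory and (len(path) == n or path[n] == "/"):
            return True
    return False


def collapse_path(path):
    """Canonicalize a request target before any routing decision is made.

    Strips query and fragment, forces a leading "/", and collapses "." and ".."
    segments (posixpath.normpath drops ".." that would climb above the root),
    so every spelling of the same resource is classified identically.
    """
    path = path.split("?", 1)[0].split("#", 1)[0]
    if not path.startswith("/"):
        path = "/" + path
    return posixpath.normpath(path)


def is_cgi_hardened(path, cgi_directories=CGI_DIRECTORIES):
    """Hardened classifier: decide on the first canonical path component only."""
    head, _, _ = collapse_path(path).lstrip("/").partition("/")
    return "/" + head in cgi_directories


def route(path):
    """Report how each classifier would dispatch a target: "cgi" or "static"."""
    return {
        "prefix_match": "cgi" if is_cgi_prefix_match(path) else "static",
        "hardened": "cgi" if is_cgi_hardened(path) else "static",
    }


if __name__ == "__main__":
    for target in ["/cgi-bin/hello.py", "cgi-bin/hello.py", "/./cgi-bin/hello.py"]:
        print(f"{target!r:24} -> {route(target)}")
```

The same canonicalization should run before any other path-based check in a handler, otherwise a later check can still be reached with the un-normalized target.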
Timeline
Timeline using the disclosure date 2008-03-07 as reference:
- 2008-03-07: Python issue bpo-2254 reported by sumar
- 2009-04-06 (+395 days): commit 923ba36 (branch 2.7)
- 2010-07-03 (+848 days): Python 2.7.0 released
- 2011-05-09 (+1158 days): CVE-2011-1015 published
- 2013-04-06 (+1856 days): Python 3.2.4 released
- 2013-04-06 (+1856 days): Python 3.3.1 released
- 2014-03-16: Python 3.4.0 released