CVE-2016-1000110

Опубликовано: 27 нояб. 2019

Источник: debian

EPSS Средний

Описание

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

Пакеты

Пакет	Статус	Версия исправления	Тип
python3.5	fixed	3.5.2-3	package
python3.4	removed		package
python3.2	removed		package
python2.7	fixed	2.7.12-2	package
python2.6	removed		package

Примечания

https://bugs.python.org/issue27568
https://github.com/python/cpython/commit/436fe5a447abb69e5e5a4f453325c422af02dcaa (3.4)
No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug
just provides a hardening to discard HTTP_PROXY if it thinks a Python script is
running as a CGI script

EPSS

Процентиль: 94%

0.12501

Средний

Связанные уязвимости

CVE-2016-1000110

CVSS3: 6.1

ubuntu

больше 5 лет назад

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

CVE-2016-1000110

CVSS3: 5

redhat

почти 9 лет назад

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

CVE-2016-1000110

CVSS3: 6.1

nvd

больше 5 лет назад

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

GHSA-97ww-5p4j-7pg9

CVSS3: 6.1

github

около 3 лет назад

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

SUSE-SU-2016:2270-1

suse-cvrf

почти 9 лет назад

Security update for python

EPSS

Процентиль: 94%

0.12501

Средний