CVE-2016-1000110

Опубликовано: 18 июл. 2016

Источник: redhat

CVSS3: 5

CVSS2: 5

Описание

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	python	Will not fix
Red Hat Enterprise Linux 5	python	Affected
Red Hat Enterprise Linux 6	python	Fixed	RHSA-2016:1626	18.08.2016
Red Hat Enterprise Linux 7	python	Fixed	RHSA-2016:1626	18.08.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6	python27-python	Fixed	RHSA-2016:1628	18.08.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6	python33-python	Fixed	RHSA-2016:1629	18.08.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6	rh-python34-python	Fixed	RHSA-2016:1630	18.08.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS	python27-python	Fixed	RHSA-2016:1628	18.08.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS	python33-python	Fixed	RHSA-2016:1629	18.08.2016
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS	rh-python34-python	Fixed	RHSA-2016:1630	18.08.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1357334CGIHandler: sets environmental variable based on user supplied Proxy request header

5 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

CVE-2016-1000110

CVSS3: 6.1

ubuntu

больше 5 лет назад

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

CVE-2016-1000110

CVSS3: 6.1

nvd

больше 5 лет назад

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

CVE-2016-1000110

CVSS3: 6.1

debian

больше 5 лет назад

The CGIHandler class in Python before 2.7.12 does not protect against ...

GHSA-97ww-5p4j-7pg9

CVSS3: 6.1

github

около 3 лет назад

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

SUSE-SU-2016:2270-1

suse-cvrf

почти 9 лет назад

Security update for python

5 Medium

CVSS3

5 Medium

CVSS2