
CVE-2016-5699

Published: 24 Nov 2014
Source: redhat
CVSS3: 5.3
CVSS2: 5
EPSS: Medium

Description

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check the arguments of the HTTPConnection.putheader() function. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values.
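The check described above, as an added example (not code from Red Hat or from CPython): an application-level validator for user-provided header names and values, run next to a probe of whether the running interpreter's own putheader() refuses the same input. The helper names, the sample headers and the host example.invalid are constructed for illustration; the validator's policy (token-only names, no CR, LF or NUL in values) is an assumption and is stricter than the library's.

```python
import http.client
import re

# Assumed policy: names are RFC 7230 tokens; values contain no CR, LF or NUL.
_NAME_OK = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_VALUE_BAD = re.compile(r"[\r\n\x00]")


def header_is_safe(name, value):
    """True only if neither part can end the header line early."""
    return bool(_NAME_OK.fullmatch(name)) and not _VALUE_BAD.search(value)


def library_rejects(name, value):
    """True if this interpreter's putheader() refuses the pair.

    Nothing is sent: putrequest()/putheader() only fill an in-memory buffer.
    """
    conn = http.client.HTTPConnection("example.invalid")  # never contacted
    conn.putrequest("GET", "/")
    try:
        conn.putheader(name, value)
    except ValueError:
        return True
    return False


# Constructed samples of (name, value) pairs as they might arrive from a user.
SAMPLES = [
    ("X-Request-Tag", "build-42"),
    ("X-Request-Tag", "build-42\r\nX-Injected: 1"),
    ("X-Request-Tag", "build-42\nX-Injected: 1"),
    ("X-Tag\r\nX-Injected", "1"),
]


def audit(samples=SAMPLES):
    """Return (name, value, app_accepts, library_rejects) for each sample."""
    return [(n, v, header_is_safe(n, v), library_rejects(n, v)) for n, v in samples]


if __name__ == "__main__":
    for name, value, ok, rejected in audit():
        print(f"{name!r}: {value!r} app_accepts={ok} library_rejects={rejected}")
```

On an interpreter that carries the fix, the library column is True for every sample containing CR or LF; a False there for such a sample indicates an unpatched httplib/http.client.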

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | python | Will not fix | | |
| Red Hat Enterprise Linux 6 | python | Fixed | RHSA-2016:1626 | 18.08.2016 |
| Red Hat Enterprise Linux 7 | python | Fixed | RHSA-2016:1626 | 18.08.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | python27-python | Fixed | RHSA-2016:1628 | 18.08.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | python33-python | Fixed | RHSA-2016:1629 | 18.08.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-python34-python | Fixed | RHSA-2016:1630 | 18.08.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | python27-python | Fixed | RHSA-2016:1628 | 18.08.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | python33-python | Fixed | RHSA-2016:1629 | 18.08.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | rh-python34-python | Fixed | RHSA-2016:1630 | 18.08.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | python27-python | Fixed | RHSA-2016:1628 | 18.08.2016 |


Additional information

Status: Moderate
Weakness: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1303699 python: http protocol steam injection attack

EPSS: 0.10221 (Medium), percentile: 93%

CVSS3: 5.3 Medium

CVSS2: 5 Medium

Related vulnerabilities

CVSS3: 6.1
ubuntu
almost 9 years ago

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

CVSS3: 6.1
nvd
almost 9 years ago

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

CVSS3: 6.1
debian
almost 9 years ago

CRLF injection vulnerability in the HTTPConnection.putheader function ...

CVSS3: 6.1
github
about 3 years ago

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

suse-cvrf
almost 9 years ago

Security update for python
