CVE-2016-1000111

Опубликовано: 11 мар. 2020

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 5

CVSS3: 5.3

Описание

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Релиз	Статус	Примечание
artful	not-affected	16.6.0-2ubuntu3
bionic	not-affected	17.9.0-1
cosmic	not-affected	17.9.0-1
devel	not-affected	17.9.0-1
disco	not-affected	17.9.0-1
esm-infra-legacy/trusty	not-affected	13.2.0-1ubuntu1.2
esm-infra/bionic	not-affected	17.9.0-1
esm-infra/xenial	not-affected	16.0.0-1ubuntu0.2
precise	ignored	end of life
precise/esm	not-affected	code not present

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needed]
precise	DNE
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 68%

0.00584

Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2016-1000111

CVSS3: 5

redhat

около 9 лет назад

CVE-2016-1000111

CVSS3: 5.3

nvd

больше 5 лет назад

CVE-2016-1000111

CVSS3: 5.3

debian

больше 5 лет назад

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1 ...

openSUSE-SU-2016:3157-1

suse-cvrf

больше 8 лет назад

Security update for python-Twisted

SUSE-SU-2017:0114-1

suse-cvrf

больше 8 лет назад

Security update for python-Twisted

EPSS

Процентиль: 68%

0.00584

Низкий

5 Medium

CVSS2

5.3 Medium

CVSS3

CVE-2016-1000111

Описание

Пакет twisted

Пакет twisted-py3

Ссылки на источники

Связанные уязвимости