CVE-2016-9964

Published: 16 Dec 2016
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 4.3
CVSS3: 6.5

Description

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

Release | Status | Note
artful | not-affected | 0.12.11-1
bionic | not-affected | 0.12.11-1
cosmic | not-affected | 0.12.11-1
devel | not-affected | 0.12.11-1
disco | not-affected | 0.12.11-1
eoan | not-affected | 0.12.11-1
esm-apps/bionic | not-affected | 0.12.11-1
esm-apps/focal | not-affected | 0.12.11-1
esm-apps/jammy | not-affected | 0.12.11-1
esm-apps/xenial | released | 0.12.7-1+deb8u1build0.16.04.1


EPSS: 0.01087 (Low), percentile: 77%
CVSS2: 4.3 Medium
CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
nvd
about 9 years ago

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

CVSS3: 6.5
debian
about 9 years ago

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequ ...

CVSS3: 6.5
github
more than 3 years ago

bottle.py vulnerable to CRLF Injection
