Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2016-5699 - CERT CVE
CVE-2016-5699
ID
CVE-2016-5699
Sažetak
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
Reference
http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4
https://hg.python.org/cpython/rev/bf3e1c9b80e9
http://www.openwall.com/lists/oss-security/2016/06/15/12
http://www.openwall.com/lists/oss-security/2016/06/16/2
http://www.openwall.com/lists/oss-security/2016/06/14/7
https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS
https://hg.python.org/cpython/rev/1c45047c5102
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/91226
http://www.splunk.com/view/SP-CAAAPUE
http://www.splunk.com/view/SP-CAAAPSV
http://rhn.redhat.com/errata/RHSA-2016-1630.html
http://rhn.redhat.com/errata/RHSA-2016-1629.html
http://rhn.redhat.com/errata/RHSA-2016-1628.html
http://rhn.redhat.com/errata/RHSA-2016-1627.html
http://rhn.redhat.com/errata/RHSA-2016-1626.html
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
CVSS
Base:
4.3
Impact:
2.9
Exploitability:
8.6
Pristup
Vektor
Složenost
Autentikacija
NETWORK
MEDIUM
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
NONE
PARTIAL
NONE
CVSS vektor
AV:N/AC:M/Au:N/C:N/I:P/A:N
Zadnje važnije ažuriranje
12-02-2023 - 23:24
Objavljeno
02-09-2016 - 14:59