Test ID: 1.3.6.1.4.1.25623.1.0.809219
Category: Web application abuses
Title: CPython CRLF Injection Vulnerability - Linux
Summary: CPython is prone to a CRLF injection vulnerability.
Description:

Summary:
CPython is prone to a CRLF injection vulnerability.

Vulnerability Insight:
The flaw exists because the httplib library does not
properly check 'HTTPConnection.putheader' function arguments.

Vulnerability Impact:
Successful exploitation will allow remote attackers to
inject arbitrary HTTP headers via CRLF sequences in a URL.

Affected Software/OS:
CPython before 2.7.10 and 3.x before 3.4.4.

Solution:
Update to CPython version 2.7.10, 3.4.4, or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-5699
91226
http://www.securityfocus.com/bid/91226
RHSA-2016:1626
http://rhn.redhat.com/errata/RHSA-2016-1626.html
RHSA-2016:1627
http://rhn.redhat.com/errata/RHSA-2016-1627.html
RHSA-2016:1628
http://rhn.redhat.com/errata/RHSA-2016-1628.html
RHSA-2016:1629
http://rhn.redhat.com/errata/RHSA-2016-1629.html
RHSA-2016:1630
http://rhn.redhat.com/errata/RHSA-2016-1630.html
[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
[oss-security] 20160614 CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client
http://www.openwall.com/lists/oss-security/2016/06/14/7
[oss-security] 20160615 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client
http://www.openwall.com/lists/oss-security/2016/06/15/12
[oss-security] 20160616 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client
http://www.openwall.com/lists/oss-security/2016/06/16/2
http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.splunk.com/view/SP-CAAAPSV
http://www.splunk.com/view/SP-CAAAPUE
https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4
https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS
https://hg.python.org/cpython/rev/1c45047c5102
https://hg.python.org/cpython/rev/bf3e1c9b80e9
openSUSE-SU-2020:0086
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.