English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.118204
Category:General
Title:Python 2.7.x < 2.7.17, 3.5.x < 3.5.8, 3.6.x < 3.6.9, 3.7.x < 3.7.4 Information Disclosure Vulnerability (bpo-36742) - Mac OS X
Summary:Python is prone to an information disclosure vulnerability.
Description:Summary:
Python is prone to an information disclosure vulnerability.

Vulnerability Insight:
'urlsplit' is affected by a NFKD normalization vulnerability
in 'user:password@'.

Note: The fix for 'CVE-2019-9636' ignored the 'user/password' before '@' whereas it still
allowed to exploit the vulnerability.

Vulnerability Impact:
Information disclosure (credentials, cookies, etc. that are
cached against a given hostname).

Affected Software/OS:
Python 2.7.x prior to version 2.7.17, versions 3.5.x prior to 3.5.8,
3.6.x prior to 3.6.9 and 3.7.x prior to 3.7.4.

Solution:
The vendor has released updates. Please see the references for
more information.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-10160
FEDORA-2019-2b1f72899a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/
FEDORA-2019-50772cf122
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/
FEDORA-2019-57462fa10d
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/
FEDORA-2019-5dc275c9f2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/
FEDORA-2019-60a1defcd1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/
FEDORA-2019-7723d4774a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/
FEDORA-2019-7df59302e0
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/
FEDORA-2019-9bfb4a3e4b
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/
FEDORA-2019-b06ec6159b
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/
FEDORA-2019-d202cda4f8
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/
RHSA-2019:1587
https://access.redhat.com/errata/RHSA-2019:1587
RHSA-2019:1700
https://access.redhat.com/errata/RHSA-2019:1700
RHSA-2019:2437
https://access.redhat.com/errata/RHSA-2019:2437
USN-4127-1
https://usn.ubuntu.com/4127-1/
USN-4127-2
https://usn.ubuntu.com/4127-2/
[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update
https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update
https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160
https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09
https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e
https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de
https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html
https://security.netapp.com/advisory/ntap-20190617-0003/
openSUSE-SU-2019:1906
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html
openSUSE-SU-2020:0086
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
CopyrightCopyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.