Test ID:	1.3.6.1.4.1.25623.1.0.809219
Category:	Web application abuses
Title:	CPython CRLF Injection Vulnerability (Linux)
Summary:	CPython is prone to a CRLF injection vulnerability.
Description:	Summary: CPython is prone to a CRLF injection vulnerability. Vulnerability Insight: The flaw exists because the httplib library does not properly check 'HTTPConnection.putheader' function arguments. Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. Affected Software/OS: CPython before 2.7.10 and 3.x before 3.4.4. Solution: Update to CPython version 2.7.10, 3.4.4, or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	BugTraq ID: 91226 Common Vulnerability Exposure (CVE) ID: CVE-2016-5699 http://www.securityfocus.com/bid/91226 http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html http://www.openwall.com/lists/oss-security/2016/06/14/7 http://www.openwall.com/lists/oss-security/2016/06/15/12 http://www.openwall.com/lists/oss-security/2016/06/16/2 RedHat Security Advisories: RHSA-2016:1626 http://rhn.redhat.com/errata/RHSA-2016-1626.html RedHat Security Advisories: RHSA-2016:1627 http://rhn.redhat.com/errata/RHSA-2016-1627.html RedHat Security Advisories: RHSA-2016:1628 http://rhn.redhat.com/errata/RHSA-2016-1628.html RedHat Security Advisories: RHSA-2016:1629 http://rhn.redhat.com/errata/RHSA-2016-1629.html RedHat Security Advisories: RHSA-2016:1630 http://rhn.redhat.com/errata/RHSA-2016-1630.html SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.