CVE-2016-1000110

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-1000110

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000110.json

Aliases

PSF-2019-2

Related

USN-3134-1

Published

2019-11-27T17:15:14Z

Modified

2024-05-13T23:40:04Z

Summary

[none]

Details

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/
https://security-tracker.debian.org/tracker/CVE-2016-1000110

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

2e789a1f1d84b343a996e8654590703b5fbdd441

Introduced

3101b7076270756f8be699358c69c5d15ea2cc48

Introduced

e054f452bd9118def58c18aa295662c9845e1c89

Fixed

17bf6b4671ec02d80ad29b278639d5307baddeb5