CVE-2016-1000111

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-1000111
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1000111.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-1000111
Aliases
Related
Published
2020-03-11T20:15:11Z
Modified
2024-06-30T12:41:18.784119Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

References

Affected packages

Debian:11 / twisted

Package

Name
twisted
Purl
pkg:deb/debian/twisted?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.4.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / twisted

Package

Name
twisted
Purl
pkg:deb/debian/twisted?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.4.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / twisted

Package

Name
twisted
Purl
pkg:deb/debian/twisted?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.4.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/twisted/twisted

Affected ranges

Type
GIT
Repo
https://github.com/twisted/twisted
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

twisted-16.*

twisted-16.2.0
twisted-16.3.0