CVE-2016-1000110
published 2019-11-27


Priority: P2 · 76 · medium
CVSS 3.1: 6.1 (AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N)
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 4.53% (90.4th percentile)
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

Affected

9 ranges
Vendor         Product        Version range                       Fixed in
debian         debian_linux
debian         debian_linux
debian         debian_linux
debian         python2.7      < python2.7 2.7.12-2 (bullseye)     python2.7 2.7.12-2 (bullseye)
fedoraproject  fedora
python         python         >= 2.7.0 < 2.7.13                   2.7.13
python         python         >= 3.3.0 < 3.3.7                    3.3.7
python         python         >= 3.4.0 < 3.4.6                    3.4.6
python         python         >= 3.5.0 < 3.5.3                    3.5.3

Detection & IOCs (extracted from sources)

  • Monitor CGI process environments for HTTP_PROXY being set from an inbound Proxy request header; in a CGI context that variable has no legitimate source other than the client, so its presence indicates exploitation of this vulnerability.
  • Alert on CGI applications where the HTTP_PROXY environment variable is populated from user-supplied input (i.e., the Proxy HTTP header). A proxy under attacker control can view potentially sensitive outbound request data, reply with malformed data, or hold connections open, causing denial of service.
  • The vulnerability affects Python's CGIHandler class before version 2.7.12; deployments running Python CGI applications on versions prior to 2.7.12 (or equivalent patched builds) remain exposed.
  • Red Hat Enterprise Linux 4 will not receive a fix; RHEL 5 remains affected. Operators on these platforms must apply compensating controls.
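The two detection bullets above, and the compensating control the last bullet calls for, as an added example. This is illustration code written for this page, not Python's own patch or any vendor's detection rule: it emulates the CGI meta-variable mapping that turns a client "Proxy:" header into HTTP_PROXY, contrasts an unfixed proxy lookup with a mitigated one, and provides a detector plus a sanitiser that can be applied to a CGI process environment. The header names, the 198.51.100.4 and 203.0.113.7 addresses and all function names are constructed for the example.

```python
"""Added illustration of the HTTP_PROXY / "Proxy:" header clash that
CVE-2016-1000110 describes. Example code, not Python's own fix."""


def cgi_environ_from_headers(headers, method="GET", remote_addr="198.51.100.4"):
    """Emulate how a CGI gateway exposes request headers (RFC 3875 section
    4.1.18): each header becomes HTTP_<NAME>, upper-cased with '-' -> '_'.
    A client-supplied "Proxy:" header therefore lands in HTTP_PROXY."""
    env = {
        "GATEWAY_INTERFACE": "CGI/1.1",
        "REQUEST_METHOD": method,
        "REMOTE_ADDR": remote_addr,  # constructed sample client address
    }
    for name, value in headers.items():
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def proxy_for_outbound_request_unfixed(environ):
    """Pre-fix behaviour: trust HTTP_PROXY unconditionally, so the CGI
    script's outbound HTTP calls follow whatever proxy the client named."""
    return environ.get("http_proxy") or environ.get("HTTP_PROXY") or None


def proxy_for_outbound_request_fixed(environ):
    """Mitigated lookup: inside a CGI request (REQUEST_METHOD is set) the
    upper-case HTTP_PROXY is ignored because it may have come from the client;
    an operator-set lower-case http_proxy is still honoured. Outside CGI the
    variable is trusted as before."""
    if "REQUEST_METHOD" in environ:
        return environ.get("http_proxy") or None
    return environ.get("http_proxy") or environ.get("HTTP_PROXY") or None


def detect_httpoxy(environ):
    """Detection check over a CGI process environment: HTTP_PROXY alongside
    REQUEST_METHOD can only have come from a Proxy request header.
    Returns a finding dict suitable for alerting, or None."""
    if "REQUEST_METHOD" in environ and "HTTP_PROXY" in environ:
        return {
            "indicator": "HTTP_PROXY populated from client Proxy header",
            "value": environ["HTTP_PROXY"],
            "client": environ.get("REMOTE_ADDR", "unknown"),
        }
    return None


def sanitize_cgi_environ(environ):
    """Compensating control for hosts that cannot upgrade: drop HTTP_PROXY
    from the environment handed to the CGI script. Returns a new dict and
    leaves the input untouched."""
    cleaned = dict(environ)
    if "REQUEST_METHOD" in cleaned:
        cleaned.pop("HTTP_PROXY", None)
    return cleaned


# Constructed sample requests: one ordinary, one carrying a Proxy header.
BENIGN_HEADERS = {"Host": "app.example", "User-Agent": "curl/8.0"}
POISONED_HEADERS = {"Host": "app.example", "Proxy": "http://203.0.113.7:8080"}


def run_demo():
    """Run both sample requests through the unfixed and fixed lookups, the
    detector and the sanitiser; return the results keyed by request label."""
    results = {}
    for label, headers in (("benign", BENIGN_HEADERS), ("poisoned", POISONED_HEADERS)):
        env = cgi_environ_from_headers(headers)
        results[label] = {
            "unfixed_proxy": proxy_for_outbound_request_unfixed(env),
            "fixed_proxy": proxy_for_outbound_request_fixed(env),
            "finding": detect_httpoxy(env),
            "sanitized_has_http_proxy": "HTTP_PROXY" in sanitize_cgi_environ(env),
        }
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(label, outcome)
```

The REQUEST_METHOD test is the same distinction the fixed Python releases make: urllib.request.getproxies_environment() drops the upper-case HTTP_PROXY entry when REQUEST_METHOD is present in the environment, which is why a CGI script on a patched interpreter no longer follows the client-supplied proxy while a non-CGI process keeps honouring an operator-set one.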

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     6.1    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd            v2.0     5.8    MEDIUM    AV:N/AC:M/Au:N/C:P/I:P/A:N
osv                     6.5    MEDIUM
vulncheck               6.1    MEDIUM
vendor_ubuntu           6.5    MEDIUM
vendor_debian           6.1    LOW
vendor_redhat           6.1    MEDIUM