CVE-2016-1000110 — Open Redirect in Python
Severity: 6.1 MEDIUM (NVD); OSV 6.5
EPSS: 5.9% (top 9.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 27
Latest update: May 24
Description
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7
Affected Packages: 2 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 23
Vulnerability Details: 4
Vendor Advisories: 3
Community: 5
Bugzilla: CVE-2016-1000110 python3: Python CGIHandler: sets environmental variable based on user supplied Proxy request header [fedora-all] (2016-07-22)
Bugzilla: CVE-2016-1000110 python: Python CGIHandler: sets environmental variable based on user supplied Proxy request header [fedora-all] (2016-07-22)
Bugzilla: CVE-2016-1000110 python34: Python CGIHandler: sets environmental variable based on user supplied Proxy request header [epel-7] (2016-07-22)
Bugzilla: CVE-2016-1000110 python26: Python CGIHandler: sets environmental variable based on user supplied Proxy request header [epel-5] (2016-07-22)
Bugzilla: CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header (2016-07-18)