CVE-2016-1000110
Description
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
9.899
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| An interactive high-level object-oriented language (USN-2653-1) python2.7_2.7.6-8ubuntu0.3_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-2653-1) python2.7_2.7.6-8ubuntu0.3_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-2653-1) python2.7-minimal_2.7.6-8ubuntu0.3_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-2653-1) python2.7-minimal_2.7.6-8ubuntu0.3_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.3-0ubuntu3.9_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.3-0ubuntu3.9_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.12-1ubuntu0~16.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.12-1ubuntu0~16.04.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.2_3.2.3-0ubuntu3.8_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.2_3.2.3-0ubuntu3.8_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.4_3.4.3-1ubuntu1~14.04.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.4_3.4.3-1ubuntu1~14.04.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.5_3.5.2-2ubuntu0~16.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.5_3.5.2-2ubuntu0~16.04.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.3-0ubuntu3.9_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.3-0ubuntu3.9_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.2_3.2.3-0ubuntu3.8_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.2_3.2.3-0ubuntu3.8_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.3-0ubuntu3.9_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.3-0ubuntu3.9_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.2-minimal_3.2.3-0ubuntu3.8_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.2-minimal_3.2.3-0ubuntu3.8_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.4-minimal_3.4.3-1ubuntu1~14.04.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.4-minimal_3.4.3-1ubuntu1~14.04.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.1_amd64.deb | Linux |
| Python security update (CESA-2016:1626) python-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) tkinter-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) tkinter-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) python-libs-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-libs-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) python-test-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-test-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) python-devel-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-devel-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) python-tools-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-tools-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-devel-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-devel-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-libs-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-libs-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-test-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-test-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-tools-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-tools-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update tkinter-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update tkinter-2.6.6-66.el6_8.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython2_7-1_0-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython2_7-1_0-32bit-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython2_7-1_0-debuginfo-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython2_7-1_0-debuginfo-32bit-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-32bit-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-base-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-base-32bit-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-base-debuginfo-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-base-debuginfo-32bit-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-base-debugsource-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-curses-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-curses-debuginfo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-debuginfo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-debuginfo-32bit-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-debugsource-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-demo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-devel-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-doc-2.7.9-24.4.noarch.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-doc-pdf-2.7.9-24.4.noarch.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-gdbm-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-gdbm-debuginfo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-idle-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-tk-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-tk-debuginfo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-xml-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-xml-debuginfo-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython3_4m1_0-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython3_4m1_0-debuginfo-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-base-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-base-debuginfo-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-base-debugsource-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-debuginfo-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-debugsource-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) libpython3_4m1_0-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) libpython3_4m1_0-debuginfo-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-base-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-base-debuginfo-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-base-debugsource-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-curses-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-curses-debuginfo-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-debuginfo-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-debugsource-3.4.5-19.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234