CVE-2016-5699
Description
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
35.276
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Python 3.3.6 | Windows |
| An interactive high-level object-oriented language (USN-2653-1) python2.7_2.7.6-8ubuntu0.3_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-2653-1) python2.7_2.7.6-8ubuntu0.3_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-2653-1) python2.7-minimal_2.7.6-8ubuntu0.3_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-2653-1) python2.7-minimal_2.7.6-8ubuntu0.3_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.3-0ubuntu3.9_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.3-0ubuntu3.9_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.12-1ubuntu0~16.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.12-1ubuntu0~16.04.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.2_3.2.3-0ubuntu3.8_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.2_3.2.3-0ubuntu3.8_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.4_3.4.3-1ubuntu1~14.04.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.4_3.4.3-1ubuntu1~14.04.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.5_3.5.2-2ubuntu0~16.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.5_3.5.2-2ubuntu0~16.04.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.3-0ubuntu3.9_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.3-0ubuntu3.9_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.2_3.2.3-0ubuntu3.8_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) libpython3.2_3.2.3-0ubuntu3.8_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.3-0ubuntu3.9_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.3-0ubuntu3.9_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.1_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.2-minimal_3.2.3-0ubuntu3.8_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.2-minimal_3.2.3-0ubuntu3.8_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.4-minimal_3.4.3-1ubuntu1~14.04.5_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.4-minimal_3.4.3-1ubuntu1~14.04.5_amd64.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.1_i386.deb | Linux |
| An interactive high-level object-oriented language (USN-3134-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.1_amd64.deb | Linux |
| Python security update (CESA-2016:1626) python-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) tkinter-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) tkinter-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) python-libs-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-libs-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) python-test-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-test-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) python-devel-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-devel-2.6.6-66.el6_8.x86_64.rpm | Linux |
| Python security update (CESA-2016:1626) python-tools-2.6.6-66.el6_8.i686.rpm | Linux |
| Python security update (CESA-2016:1626) python-tools-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-devel-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-devel-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-libs-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-libs-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-test-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-test-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-tools-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update python-tools-2.6.6-66.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update tkinter-2.6.6-66.el6_8.i686.rpm | Linux |
| (RHSA-2016:1626) Moderate: python security update tkinter-2.6.6-66.el6_8.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython2_7-1_0-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython2_7-1_0-32bit-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython2_7-1_0-debuginfo-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython2_7-1_0-debuginfo-32bit-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-32bit-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-base-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-base-32bit-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-base-debuginfo-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-base-debuginfo-32bit-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-base-debugsource-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-curses-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-curses-debuginfo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-debuginfo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-debuginfo-32bit-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-debugsource-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-demo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-devel-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-doc-2.7.9-24.4.noarch.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-doc-pdf-2.7.9-24.4.noarch.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-gdbm-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-gdbm-debuginfo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Server 12-SP1 ) python-idle-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-tk-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-tk-debuginfo-2.7.9-24.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-xml-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2106-1(SUSE Linux Enterprise Desktop 12-SP1 ) python-xml-debuginfo-2.7.9-24.2.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython3_4m1_0-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) libpython3_4m1_0-debuginfo-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-base-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-base-debuginfo-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-base-debugsource-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-debuginfo-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2653-1(SUSE Linux Enterprise Desktop 12-SP1 ) python3-debugsource-3.4.5-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) libpython3_4m1_0-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) libpython3_4m1_0-debuginfo-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-base-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-base-debuginfo-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-base-debugsource-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-curses-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-curses-debuginfo-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-debuginfo-3.4.5-19.1.x86_64.rpm | Linux |
| SUSE-SU-2016:2859-1(SUSE Linux Enterprise Desktop 12-SP2 ) python3-debugsource-3.4.5-19.1.x86_64.rpm | Linux |
| Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting) Vulnerability (CVE-2016-5699) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234