Bug 1357334 (CVE-2016-1000110)
Summary: | CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | adev88, anemec, bkabrda, cstratak, derks, dmalcolm, hhorak, ivazqueznet, jeffrey.ness, jonathansteffan, jorton, katzj, kevin, kseifried, mhroncok, ncoghlan, pviktori, python-maint, rkuska, security-response-team, slawomir, tomspur, torsava, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-10-13 08:59:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1359161, 1359162, 1359163, 1359164, 1359167, 1359168, 1359169, 1359170, 1359171, 1359172, 1359173, 1359174, 1359175, 1359177, 1359178, 1359179 | ||
Bug Blocks: | 1353762 |
Description
Kurt Seifried
2016-07-18 03:34:46 UTC
Acknowledgments: Name: Scott Geary (VendHQ) Created python tracking bugs for this issue: Affects: fedora-all [bug 1359175] Created python26 tracking bugs for this issue: Affects: epel-5 [bug 1359178] Created python3 tracking bugs for this issue: Affects: fedora-all [bug 1359177] Created python34 tracking bugs for this issue: Affects: epel-7 [bug 1359179] This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Via RHSA-2016:1627 https://rhn.redhat.com/errata/RHSA-2016-1627.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2016:1626 https://rhn.redhat.com/errata/RHSA-2016-1626.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2016:1628 https://rhn.redhat.com/errata/RHSA-2016-1628.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2016:1630 https://rhn.redhat.com/errata/RHSA-2016-1630.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2016:1629 https://rhn.redhat.com/errata/RHSA-2016-1629.html |