Page 10 of 58 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 2

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. Vulnerabilidad de inyección CRLF en la función HTTPConnection.putheader en urllib2 y urllib en CPython (también conocido como Python) en versiones anteriores a 2.7.10 y 3.x en versiones anteriores a 3.4.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a través de secuencias CRLF en una URL. It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. • https://github.com/bunseokbot/CVE-2016-5699-poc http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-1626.html http://rhn.redhat.com/errata/RHSA-2016-1627.html http://rhn.redhat.com/errata/RHSA-2016-1628.html http://rhn.redhat.com/errata/RHSA-2016-1629.html http://rhn.redhat.com/errata/RHSA-2016-1630.html http://www.openwall.com • CWE-20: Improper Input Validation CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 6.1EPSS: 15%CPEs: 8EXPL: 0

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. La clase CGIHandler en Python versiones anteriores a la versión 2.7.12, no protege contra el conflicto de nombre de la variable HTTP_PROXY en un script CGI, lo que podría permitir a un atacante remoto redireccionar las peticiones HTTP. It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU https://security-tracker.debian.org/tracker/CVE-2016-1000110 https://access.redhat.com/security/cve/CVE-2016-1000110 https://bugzilla.redhat.com/show_bug.cgi?id=1357334 • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. La protección de desbordamiento en Expat es eliminada por los compiladores con ciertos ajustes de optimización, lo que permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de datos XML manipulados. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-1283 y CVE-2015-2716. • http://www.securityfocus.com/bid/91528 http://www.ubuntu.com/usn/USN-3013-1 https://bugzilla.redhat.com/show_bug.cgi?id=1344251 https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://security.gentoo.org/glsa/201701-21 https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde https://www.tenable.com/security/tns-2016-20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Expat permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de un documento de entrada mal formado, lo que desencadena un desbordamiento de buffer. An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." Vulnerabilidad de busqueda de ruta no confiable en python.exe en Python hasta la versión 3.5.0 en Windows, permite a usuarios locales obtener privilegios a través de un Troyano en el archivo readline.pyd en el directorio de trabajo actual. NOTA: el vendedor afirma 'Está determinado que es un comportamiento antiguo de Python que en realidad no puede ser alterado en estos momentos'. • http://jvn.jp/en/jp/JVN49503705/995204/index.html http://jvn.jp/en/jp/JVN49503705/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000141 http://www.securityfocus.com/bid/76929 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755 •