CVE-2018-20852
python: Cookie domain check returns incorrect results
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
http.cookiejar.DefaultPolicy.domain_return_ok en Lib / http / cookiejar.py en Python en versiones anteriores a la 3.7.3 no valida correctamente el dominio: se puede engañar para que envíe las cookies existentes al servidor incorrecto. Un atacante puede abusar de este fallo al usar un servidor con un nombre de host que tiene otro nombre de host válido como sufijo (por ejemplo, pythonicexample.com para robar cookies para example.com). Cuando un programa utiliza http.cookiejar.DefaultPolicy e intenta hacer una conexión HTTP a un servidor controlado por un atacante, las cookies existentes pueden ser filtradas al atacante. Esto afecta a la versión 2.x hasta la versión 2.7.16, versión 3.x en versiones anteriores a la 3.4.10, versión 3.5.x en versiones anteriores a la 3.5.7, versión 3.6.x en versiones anteriores a la 3.6.9 y versión 3.7.x en versiones anteriores a la 3.7.3.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-07-13 CVE Reserved
- 2019-07-13 CVE Published
- 2024-07-06 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html | Mailing List |
|
| https://www.oracle.com/security-alerts/cpuapr2020.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.python.org/issue35121 | 2024-08-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 2.0 <= 2.7.16 Search vendor "Python" for product "Python" and version " >= 2.0 <= 2.7.16" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.0.0 < 3.4.10 Search vendor "Python" for product "Python" and version " >= 3.0.0 < 3.4.10" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.5.0 < 3.5.7 Search vendor "Python" for product "Python" and version " >= 3.5.0 < 3.5.7" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.6.0 < 3.6.9 Search vendor "Python" for product "Python" and version " >= 3.6.0 < 3.6.9" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.7.0 < 3.7.3 Search vendor "Python" for product "Python" and version " >= 3.7.0 < 3.7.3" | - |
Affected
| ||||||