CVE-2019-10160

python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.

Se descubrió una regresión de seguridad de CVE-2019-9636 en python desde commit con ID d537ab0ff9767ef024f26246899728f0116b1ec3 que afecta a las versiones 2.7, 3.5, 3.6, 3.7 y de v3.8.0a4 a v3.8.0b1, el cual permite a un atacante explotar CVE-2019-9636 violando las partes usuario (user) y contraseña (password) de una URL. Cuando una aplicación analiza las URL proporcionadas por el usuario para almacenar cookies, credenciales de autenticación u otro tipo de información, es posible que un atacante proporcione URL especialmente creadas para que la aplicación ubique información relacionada con el host (por ejemplo, cookies, datos de autenticación) y envíe a un host diferente al que debería, a diferencia de si las URL se analizaron correctamente. El resultado de un ataque puede variar según la aplicación.

A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-03-27 CVE Reserved
2019-06-07 CVE Published
2024-08-04 CVE Updated
2024-10-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-172: Encoding Error
CWE-522: Insufficiently Protected Credentials

CAPEC

References (30)

URL	Tag	Source
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E	Mailing List
https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html	Mailing List
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html	Mailing List
https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html	Mailing List
https://security.netapp.com/advisory/ntap-20190617-0003	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160	2023-02-12
https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09	2023-02-12
https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e	2023-02-12
https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de	2023-02-12
https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468	2023-02-12
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html	2023-02-12

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html	2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html	2023-02-12
https://access.redhat.com/errata/RHSA-2019:1587	2023-02-12
https://access.redhat.com/errata/RHSA-2019:1700	2023-02-12
https://access.redhat.com/errata/RHSA-2019:2437	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG	2023-02-12
https://usn.ubuntu.com/4127-1	2023-02-12
https://usn.ubuntu.com/4127-2	2023-02-12
https://access.redhat.com/security/cve/CVE-2019-10160	2019-08-12
https://bugzilla.redhat.com/show_bug.cgi?id=1718388	2019-08-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Virtualization Search vendor "Redhat" for product "Virtualization"	4.0 Search vendor "Redhat" for product "Virtualization" and version "4.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"	-	Safe
Python Search vendor "Python"		Python Search vendor "Python" for product "Python"				>= 2.7.0 < 2.7.17 Search vendor "Python" for product "Python" and version " >= 2.7.0 < 2.7.17"		-		Affected
Python Search vendor "Python"		Python Search vendor "Python" for product "Python"				>= 3.5.0 < 3.5.8 Search vendor "Python" for product "Python" and version " >= 3.5.0 < 3.5.8"		-		Affected
Python Search vendor "Python"		Python Search vendor "Python" for product "Python"				>= 3.6.0 < 3.6.9 Search vendor "Python" for product "Python" and version " >= 3.6.0 < 3.6.9"		-		Affected
Python Search vendor "Python"		Python Search vendor "Python" for product "Python"				>= 3.7.0 < 3.7.4 Search vendor "Python" for product "Python" and version " >= 3.7.0 < 3.7.4"		-		Affected
Python Search vendor "Python"		Python Search vendor "Python" for product "Python"				3.8.0 Search vendor "Python" for product "Python" and version "3.8.0"		alpha4		Affected
Python Search vendor "Python"		Python Search vendor "Python" for product "Python"				3.8.0 Search vendor "Python" for product "Python" and version "3.8.0"		beta1		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.0 Search vendor "Opensuse" for product "Leap" and version "15.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				29 Search vendor "Fedoraproject" for product "Fedora" and version "29"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				30 Search vendor "Fedoraproject" for product "Fedora" and version "30"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04"		-		Affected
Netapp Search vendor "Netapp"		Cloud Backup Search vendor "Netapp" for product "Cloud Backup"				-		-		Affected
Netapp Search vendor "Netapp"		Converged Systems Advisor Agent Search vendor "Netapp" for product "Converged Systems Advisor Agent"				-		-		Affected