Fluid Attacks Database

Description

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	python2.7	>=0 <2.7.12-2	2.7.12-2
rpm rhel7	python	<0:2.7.5-38.el7_2	0:2.7.5-38.el7_2
rpm rhel5	python	-	-
rpm rhel6	python	<0:2.6.6-66.el6_8	0:2.6.6-66.el6_8

Aliases

1. CVE-2016-10001102. NVD-2016-10001103. OSV-DEBIAN-2016-10001104. OSV-2016-10001105. SECURITY-TRACKER-CVE-2016-1000110

References

1. https://vulncheck.com/cve/CVE-2016-1000110

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.