ID CVE-2016-1000110
Summary The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
CVSS
Base: 5.0
Impact:
Exploitability:
Access
Vector, Complexity, Authentication
Impact
Confidentiality, Integrity, Availability
redhat via4
advisories
bugzilla
id 1365200
title Upstream tests cause building python package on brew stall and leave orphan processes that need manually kill
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment python is earlier than 0:2.7.5-38.el7_2
          oval oval:com.redhat.rhsa:tst:20161626013
        • comment python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554008
      • AND
        • comment python-debug is earlier than 0:2.7.5-38.el7_2
          oval oval:com.redhat.rhsa:tst:20161626015
        • comment python-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152101016
      • AND
        • comment python-devel is earlier than 0:2.7.5-38.el7_2
          oval oval:com.redhat.rhsa:tst:20161626007
        • comment python-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554010
      • AND
        • comment python-libs is earlier than 0:2.7.5-38.el7_2
          oval oval:com.redhat.rhsa:tst:20161626017
        • comment python-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554014
      • AND
        • comment python-test is earlier than 0:2.7.5-38.el7_2
          oval oval:com.redhat.rhsa:tst:20161626009
        • comment python-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554016
      • AND
        • comment python-tools is earlier than 0:2.7.5-38.el7_2
          oval oval:com.redhat.rhsa:tst:20161626005
        • comment python-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554012
      • AND
        • comment tkinter is earlier than 0:2.7.5-38.el7_2
          oval oval:com.redhat.rhsa:tst:20161626011
        • comment tkinter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554018
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment python is earlier than 0:2.6.6-66.el6_8
          oval oval:com.redhat.rhsa:tst:20161626023
        • comment python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554008
      • AND
        • comment python-devel is earlier than 0:2.6.6-66.el6_8
          oval oval:com.redhat.rhsa:tst:20161626026
        • comment python-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554010
      • AND
        • comment python-libs is earlier than 0:2.6.6-66.el6_8
          oval oval:com.redhat.rhsa:tst:20161626028
        • comment python-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554014
      • AND
        • comment python-test is earlier than 0:2.6.6-66.el6_8
          oval oval:com.redhat.rhsa:tst:20161626025
        • comment python-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554016
      • AND
        • comment python-tools is earlier than 0:2.6.6-66.el6_8
          oval oval:com.redhat.rhsa:tst:20161626024
        • comment python-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554012
      • AND
        • comment tkinter is earlier than 0:2.6.6-66.el6_8
          oval oval:com.redhat.rhsa:tst:20161626027
        • comment tkinter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554018
rhsa
id RHSA-2016:1626
released 2016-08-18
severity Moderate
title RHSA-2016:1626: python security update (Moderate)
rpms
  • python-0:2.7.5-38.el7_2
  • python-debug-0:2.7.5-38.el7_2
  • python-devel-0:2.7.5-38.el7_2
  • python-libs-0:2.7.5-38.el7_2
  • python-test-0:2.7.5-38.el7_2
  • python-tools-0:2.7.5-38.el7_2
  • tkinter-0:2.7.5-38.el7_2
  • python-0:2.6.6-66.el6_8
  • python-devel-0:2.6.6-66.el6_8
  • python-libs-0:2.6.6-66.el6_8
  • python-test-0:2.6.6-66.el6_8
  • python-tools-0:2.6.6-66.el6_8
  • tkinter-0:2.6.6-66.el6_8
Last major update 27-11-2019 - 17:15
Published 27-11-2019 - 17:15
Last modified 29-11-2019 - 12:24