Vulnerabilities > CVE-2016-1000110 - Open Redirect vulnerability in multiple products

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
python
debian
fedoraproject
CWE-601
nessus

Summary

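The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. The clash (commonly called "httpoxy") arises because CGI exposes a client-supplied Proxy request header as the environment variable HTTP_PROXY, the same name HTTP client code reads for its outbound proxy setting. The requests that get redirected are therefore the outbound ones made by the CGI script, sent through a proxy the attacker chooses, rather than a browser redirect as the CWE-601 "Open Redirect" label suggests.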

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Fake the Source of Data
    An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data, or it may be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field, so that the message appears to have been sent by someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-9FD814A7F2.NASL
    description: Fix for CVE-2016-1000110 HTTPoxy attack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-08-12
    plugin id: 92882
    published: 2016-08-12
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92882
    title: Fedora 24 : python (2016-9fd814a7f2) (httpoxy)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-9fd814a7f2.
    #
    
    include("compat.inc");
    
    # Registration branch: the script_* calls below only declare this plugin's
    # metadata, and the exit(0) that closes the branch returns before any of the
    # host checks further down are reached.
    if (description)
    {
      script_id(92882);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # One CVE (the HTTP_PROXY name clash, "httpoxy"), cross-referenced to the
      # Fedora advisory the plugin text was extracted from.
      script_cve_id("CVE-2016-1000110");
      script_xref(name:"FEDORA", value:"2016-9fd814a7f2");
    
      script_name(english:"Fedora 24 : python (2016-9fd814a7f2) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix for CVE-2016-1000110 HTTPoxy attack
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-9fd814a7f2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python package."
      );
      # The CVSS v3 vector below carries UI:R (user interaction required) and
      # S:C (scope changed) alongside the network / low-complexity / no-privilege
      # values.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
    
      # plugin_type "local": per script_summary the verdict comes from the host's
      # rpm output, i.e. it reports a missing package update and does not test
      # whether any CGI script on the host is exposed.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      # NOTE(review): vuln_publication_date (2019/11/27) is later than both the
      # patch date and the plugin publication date (2016/08) - confirm where this
      # value comes from before using it for exposure-window reporting.
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Runs after ssh_get_info.nasl and needs the three KB keys listed. The check
      # that follows also reads Host/cpu, which is not listed here; it audits out
      # with AUDIT_UNKNOWN_ARCH when that key is missing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Gate 1: the knowledge base must say that local checks are enabled.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    # Gate 2: the release string must name Fedora and yield a major version.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    
    # Keep only the captured major version; the advisory covers Fedora 24 alone.
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    }
    
    # Gate 3: the installed-package list must be present in the knowledge base.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    # Gate 4: only x86_64 and i386-i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }
    
    # Count each package rpm_check() flags against the reference build
    # (presumably "installed version is older" - see rpm.inc to confirm).
    flag = 0;
    if (rpm_check(release:"FC24", reference:"python-2.7.12-2.fc24"))
    {
      flag++;
    }
    
    if (!flag)
    {
      # Nothing flagged: report whether the package was tested or is absent.
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
      }
    }
    else
    {
      # At least one hit: raise the finding with the rpm comparison report.
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : rpm_report_get()
      );
      exit(0);
    }
    
  • NASL family: Misc.
    NASL id: VMWARE_ESXI_6_0_BUILD_5485776_REMOTE.NASL
    description: The version of the remote VMware ESXi 6.0 host is prior to build 5224529. It is, therefore, affected by multiple vulnerabilities in VMWare Tools and the bundled OpenSSL and Python packages, as well as a NULL pointer dereference vulnerability related to handling RPC requests that could allow an attacker to crash a virtual machine.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102698
    published: 2017-09-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102698
    title: ESXi 6.0 < Build 5485776 Multiple Vulnerabilities (VMSA-2017-0015) (remote check)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    include("compat.inc");
    
    # Registration branch: the script_* calls below only declare this plugin's
    # metadata, and the exit(0) that closes the branch returns before the build
    # comparison further down is reached.
    if (description)
    {
      script_id(102698);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/12");
    
      # Seven CVEs are bundled into this one finding; CVE-2016-1000110 (the
      # bundled Python package) is only one of them.
      script_cve_id(
        "CVE-2016-2183",
        "CVE-2016-7055",
        "CVE-2016-1000110",
        "CVE-2017-3730",
        "CVE-2017-3731",
        "CVE-2017-3732",
        "CVE-2017-4925"
      );
      script_bugtraq_id(
        94242,
        95812,
        95813,
        95814,
        100842
      );
      script_xref(name:"VMSA", value:"2017-0015");
    
      script_name(english:"ESXi 6.0 < Build 5485776 Multiple Vulnerabilities (VMSA-2017-0015) (remote check)");
      script_summary(english:"Checks the ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi 6.0 host is affected by multiple
    vulnerabilities.");
      # NOTE(review): the description text below says "prior to build 5224529",
      # while script_name and the fixed_build value used by the check both say
      # 5485776 - confirm the intended build against VMSA-2017-0015.
      script_set_attribute(attribute:"description", value:
    "The version of the remote VMware ESXi 6.0 host is prior to build
    5224529. It is, therefore, affected by multiple vulnerabilities in
    VMWare Tools and the bundled OpenSSL and Python packages, as well
    as a NULL pointer dereference vulnerability related to handling RPC
    requests that could allow an attacker to crash a virtual machine.");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2017-0015.html");
      # https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2149960
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e03fa029");
      script_set_attribute(attribute:"solution", value:
    "Apply patch ESXi600-201706101-SG according to the vendor advisory.");
      # Per the cvss_score_source attribute below, these vectors are the ones
      # for CVE-2016-2183; they are not a score for CVE-2016-1000110.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2183");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/20");
    
      # plugin_type "remote": per script_summary the verdict rests on the ESXi
      # version and build number only.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:6.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Runs after vmware_vsphere_detect.nbin and needs the two KB keys that the
      # check reads.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # First build number this plugin treats as not vulnerable.
    fixed_build = 5485776;
    
    # Both KB items are mandatory (get_kb_item_or_exit, by its name, ends the
    # run when an item is absent).
    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    
    # Scope: the release string must identify ESXi, and specifically ESXi 6.0.
    if ("ESXi" >!< rel)
    {
      audit(AUDIT_OS_NOT, "ESXi");
    }
    if ("VMware ESXi 6.0" >!< rel)
    {
      audit(AUDIT_OS_NOT, "ESXi 6.0");
    }
    
    # The build number is the trailing "build-<digits>" of the release string.
    match = pregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);
    if (isnull(match))
    {
      audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "6.0");
    }
    build = int(match[1]);
    
    if (build >= fixed_build)
    {
      audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", ver - "ESXi " + " build " + build);
    }
    else
    {
      # Older build: report installed versus fixed build numbers.
      report = '\n  ESXi version    : ' + ver;
      report = report + '\n  Installed build : ' + build;
      report = report + '\n  Fixed build     : ' + fixed_build;
      report = report + '\n';
      security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2270-1.NASL
    description: This update for python fixes the following issues : - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93438
    published: 2016-09-12
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93438
    title: SUSE SLES11 Security Update : python (SUSE-SU-2016:2270-1) (httpoxy)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2270-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    # Registration branch: the script_* calls below only declare this plugin's
    # metadata, and the exit(0) that closes the branch returns before any of the
    # host checks further down are reached.
    if (description)
    {
      script_id(93438);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      # Three CVEs are covered by this one package update; CVE-2016-1000110 is
      # the httpoxy item among them.
      script_cve_id("CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5699");
    
      script_name(english:"SUSE SLES11 Security Update : python (SUSE-SU-2016:2270-1) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for python fixes the following issues :
    
      - CVE-2016-0772: smtplib vulnerability opens startTLS
        stripping attack (bsc#984751)
    
      - CVE-2016-5699: incorrect validation of HTTP headers
        allow header injection (bsc#985348)
    
      - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed
        by disregarding HTTP_PROXY when REQUEST_METHOD is also
        set (bsc#989523)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=984751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=985348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=989523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-0772/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1000110/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5699/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162270-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6830fb0d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-python-12735=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-python-12735=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-python-12735=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      # NOTE(review): no cvss_score_source attribute is set in this block, so it
      # is not stated which of the three CVEs these vectors score. The v3 vector
      # (AC:H, I:H) is not the AC:L / I:L rating shown for CVE-2016-1000110 at
      # the top of the page.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # plugin_type "local": per script_summary the verdict comes from the host's
      # rpm output, i.e. it reports missing package updates and does not test
      # whether any CGI script on the host is exposed.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_6-1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-gdbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-xml");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # Runs after ssh_get_info.nasl and needs the four KB keys listed. The check
      # that follows also reads Host/SuSE/patchlevel, which is not listed here;
      # it falls back to "0" when that key is missing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Gate 1: the knowledge base must say that local checks are enabled.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    # Gate 2: the release string must start with SLED/SLES and yield a version.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)")
    {
      audit(AUDIT_OS_NOT, "SUSE");
    }
    
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    }
    
    # Keep only the captured product/version token; the advisory covers SLES11.
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    }
    
    # Gate 3: the installed-package list must be present in the knowledge base.
    if (!get_kb_item("Host/SuSE/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    # Gate 4: only i386-i686, x86_64 and s390x hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu)
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    }
    
    # Gate 5: a missing patch level counts as "0"; only SP4 is in scope.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp))
    {
      sp = "0";
    }
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp)))
    {
      audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    }
    
    # Count each package rpm_check() flags against its reference build
    # (presumably "installed version is older" - see rpm.inc to confirm).
    # The calls run in the same order as a flat list would: the 32-bit
    # packages for x86_64, then for s390x, then the packages with no cpu filter.
    flag = 0;
    
    foreach chk_cpu (make_list("x86_64", "s390x"))
    {
      foreach chk_ref (make_list(
        "libpython2_6-1_0-32bit-2.6.9-39.1",
        "python-32bit-2.6.9-39.1",
        "python-base-32bit-2.6.9-39.1"))
      {
        if (rpm_check(release:"SLES11", sp:"4", cpu:chk_cpu, reference:chk_ref))
        {
          flag++;
        }
      }
    }
    
    foreach chk_ref (make_list(
      "libpython2_6-1_0-2.6.9-39.1",
      "python-2.6.9-39.1",
      "python-base-2.6.9-39.1",
      "python-curses-2.6.9-39.1",
      "python-demo-2.6.9-39.1",
      "python-gdbm-2.6.9-39.1",
      "python-idle-2.6.9-39.1",
      "python-tk-2.6.9-39.1",
      "python-xml-2.6.9-39.1"))
    {
      if (rpm_check(release:"SLES11", sp:"4", reference:chk_ref))
      {
        flag++;
      }
    }
    
    if (!flag)
    {
      # Nothing flagged: report whether packages were tested or are absent.
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
      }
    }
    else
    {
      # At least one hit: attach the rpm comparison report only when the
      # configured report verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-2C324D0670.NASL
    description: Fix for CVE-2016-1000110 HTTPoxy attack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-08-12
    plugin id: 92877
    published: 2016-08-12
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92877
    title: Fedora 24 : python3 (2016-2c324d0670) (httpoxy)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-2c324d0670.
    #
    
    include("compat.inc");
    
    # Registration branch: the script_* calls below only declare this plugin's
    # metadata, and the exit(0) that closes the branch returns before any of the
    # host checks further down are reached.
    if (description)
    {
      script_id(92877);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # One CVE (the HTTP_PROXY name clash, "httpoxy"), cross-referenced to the
      # Fedora advisory the plugin text was extracted from.
      script_cve_id("CVE-2016-1000110");
      script_xref(name:"FEDORA", value:"2016-2c324d0670");
    
      script_name(english:"Fedora 24 : python3 (2016-2c324d0670) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix for CVE-2016-1000110 HTTPoxy attack
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-2c324d0670"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python3 package."
      );
      # The CVSS v3 vector below carries UI:R (user interaction required) and
      # S:C (scope changed) alongside the network / low-complexity / no-privilege
      # values.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
    
      # plugin_type "local": per script_summary the verdict comes from the host's
      # rpm output, i.e. it reports a missing package update and does not test
      # whether any CGI script on the host is exposed.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      # NOTE(review): vuln_publication_date (2019/11/27) is later than both the
      # patch date and the plugin publication date (2016/08) - confirm where this
      # value comes from before using it for exposure-window reporting.
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Runs after ssh_get_info.nasl and needs the three KB keys listed. The check
      # that follows also reads Host/cpu, which is not listed here; it audits out
      # with AUDIT_UNKNOWN_ARCH when that key is missing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Gate 1: the knowledge base must say that local checks are enabled.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    
    # Gate 2: the release string must name Fedora and yield a major version.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    
    # Keep only the captured major version; the advisory covers Fedora 24 alone.
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    }
    
    # Gate 3: the installed-package list must be present in the knowledge base.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    # Gate 4: only x86_64 and i386-i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }
    
    # Count each package rpm_check() flags against the reference build
    # (presumably "installed version is older" - see rpm.inc to confirm).
    flag = 0;
    if (rpm_check(release:"FC24", reference:"python3-3.5.1-13.fc24"))
    {
      flag++;
    }
    
    if (!flag)
    {
      # Nothing flagged: report whether the package was tested or is absent.
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
      }
    }
    else
    {
      # At least one hit: raise the finding with the rpm comparison report.
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : rpm_report_get()
      );
      exit(0);
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2016-1626.NASL
    description: An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110) * It was found that Python
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93039
    published: 2016-08-19
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93039
    title: RHEL 6 / 7 : python (RHSA-2016:1626) (httpoxy)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:1626. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: the script_* calls below only declare this plugin's
    # metadata, and the exit(0) that closes the branch returns before any of the
    # host checks further down are reached.
    if (description)
    {
      script_id(93039);
      script_version("2.15");
      script_cvs_date("Date: 2019/10/24 15:35:41");
    
      # Three CVEs are covered by this one advisory; CVE-2016-1000110 is the
      # httpoxy item among them.
      script_cve_id("CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5699");
      script_xref(name:"RHSA", value:"2016:1626");
    
      script_name(english:"RHEL 6 / 7 : python (RHSA-2016:1626) (httpoxy)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for python is now available for Red Hat Enterprise Linux 6
    and Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Python is an interpreted, interactive, object-oriented programming
    language, which includes modules, classes, exceptions, very high level
    dynamic data types and dynamic typing. Python supports interfaces to
    many system calls and libraries, as well as to various windowing
    systems.
    
    Security Fix(es) :
    
    * It was discovered that the Python CGIHandler class did not properly
    protect against the HTTP_PROXY variable name clash in a CGI context. A
    remote attacker could possibly use this flaw to redirect HTTP requests
    performed by a Python CGI script to an attacker-controlled proxy via a
    malicious HTTP request. (CVE-2016-1000110)
    
    * It was found that Python's smtplib library did not return an
    exception when StartTLS failed to be established in the
    SMTP.starttls() function. A man in the middle attacker could strip out
    the STARTTLS command without generating an exception on the Python
    SMTP client application, preventing the establishment of the TLS
    layer. (CVE-2016-0772)
    
    * It was found that the Python's httplib library (used by urllib,
    urllib2 and others) did not properly check HTTPConnection.putheader()
    function arguments. An attacker could use this flaw to inject
    additional headers in a Python application that allowed user provided
    header names or values. (CVE-2016-5699)
    
    Red Hat would like to thank Scott Geary (VendHQ) for reporting
    CVE-2016-1000110."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:1626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-0772"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-1000110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5699"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): no cvss_score_source attribute is set in this block, so it
      # is not stated which of the three CVEs these vectors score. The v3 vector
      # (AC:H, I:H) is not the AC:L / I:L rating shown for CVE-2016-1000110 at
      # the top of the page.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # plugin_type "local": per script_summary the verdict comes from the host's
      # rpm output, i.e. it reports missing package updates and does not test
      # whether any CGI script on the host is exposed.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      # NOTE(review): vuln_publication_date (2016/09/02) is later than the patch
      # and plugin publication dates (2016/08/18, 2016/08/19) - confirm the
      # source of this value.
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/19");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Runs after ssh_get_info.nasl and needs the four KB keys listed, including
      # Host/cpu.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Local, version-based check for RHSA-2016:1626 on Red Hat Enterprise Linux 6.x / 7.x.
    # Everything below reads knowledge-base (KB) items collected earlier in the scan
    # (ssh_get_info.nasl is the declared dependency); no request is sent to the target
    # from this part of the script. A hit therefore means "an affected python package
    # build is installed", not "a CGI application on this host was shown to honour a
    # client-supplied Proxy header".

    # Gate 1: local checks must be enabled, otherwise stop with an audit trail entry.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Gate 2: the release string must exist and contain "Red Hat" (">!<" is "does not contain").
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Pull "N" or "N.M" out of "Red Hat Enterprise Linux ... release N.M".
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Only major versions 6 and 7 are in scope; the trailing ([^0-9]|$) keeps e.g. "60" from matching.
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);
    
    # Gate 3: without the collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate 4: only x86_64, i386-i686 and s390* architectures are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two detection paths. If yum updateinfo data was collected, the verdict comes from
    # redhat_generate_yum_updateinfo_report() alone (defined in an include, not shown here).
    # NOTE(review): in that path the per-package rpm_check() comparisons further down are
    # never run, so the result is only as good as the host's updateinfo metadata.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:1626";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        # A non-empty report for this advisory is reported as a warning-level finding on port 0.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # No report for this RHSA: audit the host out with a message naming the advisory.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fallback path: compare installed packages against the builds named in the advisory.
      # rpm_check() comes from rpm.inc (not shown); presumably it returns true when the
      # installed package is older than `reference` - confirm against rpm.inc.
      # flag counts how many comparisons hit; any non-zero value produces a finding.
      flag = 0;
      # RHEL 6: reference build 2.6.6-66.el6_8. Calls without a cpu argument
      # (debuginfo, devel, libs) are not restricted to one architecture here.
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"python-debuginfo-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"python-devel-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"python-libs-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-test-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-test-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-test-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-tools-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-tools-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-tools-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"tkinter-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"tkinter-2.6.6-66.el6_8")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"tkinter-2.6.6-66.el6_8")) flag++;
    
    
      # RHEL 7: reference build 2.7.5-38.el7_2; only s390x and x86_64 are listed per-arch.
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-debug-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-debug-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"python-debuginfo-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-devel-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-devel-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"python-libs-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-test-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-test-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-tools-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-tools-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"tkinter-2.7.5-38.el7_2")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"tkinter-2.7.5-38.el7_2")) flag++;
    
    
      if (flag)
      {
        # At least one comparison hit: report the accumulated RPM comparison text plus
        # the Red Hat package caveat string as a warning-level finding on port 0.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # No hit: distinguish "packages were compared and are not affected" from
        # "none of the listed packages were found", so the audit trail says which one applied.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debug / python-debuginfo / python-devel / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2653-1.NASL
    descriptionThis update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177) - CVE-2016-5699: A header injection flaw in urllib2/urllib/httplib/http.client. (bsc#985348)
    last seen2020-06-01
    modified2020-06-02
    plugin id94321
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94321
    titleSUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2653-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    # Metadata branch: when the script is loaded with `description` set, it only registers
    # its ID, CVE list, advisory text, references, scoring and run-time prerequisites, then
    # leaves through the exit(0) at the end of this block. No KB reads or package
    # comparisons happen here.
    if (description)
    {
      script_id(94321);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      # One plugin covers four CVEs fixed by the same SUSE update, so a finding from this
      # plugin does not by itself say which of the four matters on a given host.
      script_cve_id("CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      # Advisory text is carried as extracted from the SUSE advisory, including the
      # "urrlib2" misspelling of urllib2 and the run-together non-security items.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update provides Python 3.4.5, which brings many fixes and
    enhancements. The following security issues have been fixed :
    
      - CVE-2016-1000110: CGIHandler could have allowed setting
        of HTTP_PROXY environment variable based on
        user-supplied Proxy request header. (bsc#989523)
    
      - CVE-2016-0772: A vulnerability in smtplib could have
        allowed a MITM attacker to perform a startTLS stripping
        attack. (bsc#984751)
    
      - CVE-2016-5636: A heap overflow in Python's zipimport
        module. (bsc#985177)
    
      - CVE-2016-5699: A header injection flaw in
        urrlib2/urllib/httplib/http.client. (bsc#985348) The
        update also includes the following non-security fixes :
    
      - Don't force 3rd party C extensions to be built with
    
        -Werror=declaration-after-statement. (bsc#951166)
    
      - Make urllib proxy var handling behave as usual on POSIX.
        (bsc#983582) For a comprehensive list of changes please
        refer to the upstream change log:
        https://docs.python.org/3.4/whatsnew/changelog.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # References: one SUSE Bugzilla entry per bsc# number, the upstream changelog,
      # and one SUSE CVE page per CVE listed in script_cve_id above.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=951166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983582"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=984751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=985177"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=985348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=989523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=991069"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://docs.python.org/3.4/whatsnew/changelog.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-0772/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1000110/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5636/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5699/"
      );
      # The shortened link below stands for the SUSE announcement URL given in this comment:
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162653-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7015bb76"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2016-1558=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2016-1558=1
    
    SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-12-2016-1558=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2016-1558=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      # Scoring is set once for the whole plugin (complete C/I/A impact in CVSS2, H/H/H in
      # CVSS3). NOTE(review): with four CVEs bundled, these vectors presumably follow the
      # most severe of them rather than the HTTP_PROXY issue alone - confirm before using
      # this plugin's score to prioritise CVE-2016-1000110 on its own.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # plugin_type "local": the check works from package data gathered on the host.
      # The CPE list names the python3 packages and the SUSE Linux 12 platform this plugin covers.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_4m1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      # Timeline: vulnerability published 2016/09/02, SUSE patch 2016/10/26, plugin 2016/10/27.
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/27");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl is declared as a dependency, and the four KB keys
      # listed here are the same ones the check logic reads after this block.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Local, version-based check for SUSE-SU-2016:2653-1 (python3 3.4.5-17.1) on SLED12 / SLES12.
    # Works only from KB items gathered earlier in the scan; it compares installed package
    # versions and does not probe any web application for the Proxy-header behaviour itself.

    # Gate 1: local checks must be enabled.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Gate 2: the release string must start with SLED or SLES.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Extract the product plus major version (e.g. "SLES12") and require exactly SLED12 or SLES12.
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    # Gate 3: the collected RPM list must be present.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate 4: only i386-i686, x86_64 and s390x hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    # Gate 5: service pack. A missing patchlevel is treated as SP0.
    # SLES12 is in scope at SP0 and SP1; SLED12 only at SP1. Other service packs are
    # audited out here, i.e. they get no verdict from this plugin rather than a "not affected".
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);
    
    
    # Package comparisons, all against build 3.4.5-17.1. rpm_check() comes from rpm.inc
    # (not shown); presumably it returns true when the installed package is older than
    # `reference` - confirm against rpm.inc. flag counts the hits.
    # SLES12 SP1 and SP0 carry no cpu restriction; the SLED12 SP1 checks are pinned to x86_64.
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpython3_4m1_0-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpython3_4m1_0-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-base-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-base-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-base-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libpython3_4m1_0-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libpython3_4m1_0-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-base-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-base-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-base-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpython3_4m1_0-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpython3_4m1_0-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-base-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-base-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-base-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-debugsource-3.4.5-17.1")) flag++;
    
    
    if (flag)
    {
      # At least one comparison hit: report via security_hole() on port 0. The RPM
      # comparison text is attached only when report_verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: record whether packages were compared and found not affected, or whether
      # python3 was not found at all.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-604616DC33.NASL
    descriptionFix for CVE-2016-1000110 HTTPoxy attack Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-08-18
    plugin id93021
    published2016-08-18
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93021
    titleFedora 23 : python3 (2016-604616dc33) (httpoxy)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1036.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110) - It was found that Python
    last seen2020-05-21
    modified2017-05-01
    plugin id99799
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99799
    titleEulerOS 2.0 SP1 : python (EulerOS-SA-2016-1036)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-741.NASL
    descriptionIt was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.
    last seen2020-06-01
    modified2020-06-02
    plugin id93253
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93253
    titleAmazon Linux AMI : python34 / python27,python26 (ALAS-2016-741) (httpoxy)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-1626.NASL
    descriptionFrom Red Hat Security Advisory 2016:1626 : An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110) * It was found that Python
    last seen2020-06-01
    modified2020-06-02
    plugin id93034
    published2016-08-19
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93034
    titleOracle Linux 6 / 7 : python (ELSA-2016-1626) (httpoxy)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-C843C68C77.NASL
    descriptionFix for CVE-2016-1000110 HTTPoxy attack Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-11-15
    plugin id94860
    published2016-11-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94860
    titleFedora 25 : python3 (2016-c843c68c77) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2106-1.NASL
    descriptionThis update for python fixes the following issues : - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) - CVE-2016-5699: incorrect validation of HTTP headers allows header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93300
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93300
    titleSUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2016:2106-1) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0223-1.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) CVE-2016-5699: incorrect validation of HTTP headers allows header injection (bsc#985348) CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id121570
    published2019-02-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121570
    titleSUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0234-1.NASL
    descriptionThis update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133259
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133259
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0114-1.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133036
    published2020-01-17
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133036
    titleSUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3134-1.NASL
    descriptionIt was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Remi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to redirect outgoing HTTP requests. (CVE-2016-1000110) Insu Yun discovered an integer overflow in the zipimporter module in Python that could lead to a heap-based overflow. An attacker could use this to craft a special zip file that when read by Python could possibly execute arbitrary code. (CVE-2016-5636) Guido Vranken discovered that the urllib modules in Python did not properly handle carriage return line feed (CRLF) in headers. A remote attacker could use this to craft URLs that inject arbitrary HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5699). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95284
    published2016-11-23
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95284
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : python2.7, python3.2, python3.4, python3.5 vulnerabilities (USN-3134-1) (httpoxy)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160818_PYTHON_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110) - It was found that Python
    last seen2020-03-18
    modified2016-08-22
    plugin id93072
    published2016-08-22
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93072
    titleScientific Linux Security Update : python on SL6.x, SL7.x i386/x86_64 (20160818) (httpoxy)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0099.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle Linux distribution in platform.py [orabug 21288328] (Keshav Sharma) - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz#1359161 - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647) Raise an error when STARTTLS fails (upstream patch) - Fix for CVE-2016-5699 python: http protocol stream injection attack (rhbz#1303699) Disabled HTTP header injections in httplib (upstream patch) Resolves: rhbz#1346354
    last seen2020-06-01
    modified2020-06-02
    plugin id93038
    published2016-08-19
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93038
    titleOracleVM 3.3 / 3.4 : python (OVMSA-2016-0099) (httpoxy)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-970EDB82D4.NASL
    descriptionFix for CVE-2016-1000110 HTTPoxy attack Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-08-24
    plugin id93090
    published2016-08-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93090
    titleFedora 23 : python (2016-970edb82d4) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-86.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id133172
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133172
    titleopenSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)
  • NASL familyWeb Servers
    NASL idHTTP_HTTPOXY.NASL
    descriptionThe web application running on the remote web server is affected by a man-in-the-middle vulnerability known as 'httpoxy'.
    last seen2020-06-01
    modified2020-06-02
    plugin id92539
    published2016-07-25
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92539
    titleHTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2016-1626.NASL
    description: An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110) * It was found that Python [remainder of description truncated on this page]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93029
    published: 2016-08-19
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93029
    title: CentOS 6 / 7 : python (CESA-2016:1626) (httpoxy)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-997.NASL
    description: This update for python3 fixes the following issues : - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header (fixes boo#989523, CVE-2016-1000110) - update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751, CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348, CVE-2016-5699) - Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856 - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header: (fixes boo#989523, CVE-2016-1000110)
    last seen: 2020-06-05
    modified: 2016-08-22
    plugin id: 93069
    published: 2016-08-22
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93069
    title: openSUSE Security Update : python3 (openSUSE-2016-997) (httpoxy)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-663608C5BB.NASL
    description: Fix for CVE-2016-1000110 HTTPoxy attack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-11-15
    plugin id: 94812
    published: 2016-11-15
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94812
    title: Fedora 25 : python (2016-663608c5bb) (httpoxy)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2859-1.NASL
    description: This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python [remainder of description truncated on this page]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 94969
    published: 2016-11-18
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/94969
    title: SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2016-363-01.NASL
    description: New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 96165
    published: 2016-12-29
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/96165
    title: Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2016-363-01) (httpoxy)

Redhat

rpms
  • python-0:2.6.6-66.el6_8
  • python-0:2.7.5-38.el7_2
  • python-debug-0:2.7.5-38.el7_2
  • python-debuginfo-0:2.6.6-66.el6_8
  • python-debuginfo-0:2.7.5-38.el7_2
  • python-devel-0:2.6.6-66.el6_8
  • python-devel-0:2.7.5-38.el7_2
  • python-libs-0:2.6.6-66.el6_8
  • python-libs-0:2.7.5-38.el7_2
  • python-test-0:2.6.6-66.el6_8
  • python-test-0:2.7.5-38.el7_2
  • python-tools-0:2.6.6-66.el6_8
  • python-tools-0:2.7.5-38.el7_2
  • tkinter-0:2.6.6-66.el6_8
  • tkinter-0:2.7.5-38.el7_2
  • rh-python35-python-0:3.5.1-9.el7
  • rh-python35-python-debug-0:3.5.1-9.el7
  • rh-python35-python-debuginfo-0:3.5.1-9.el7
  • rh-python35-python-devel-0:3.5.1-9.el7
  • rh-python35-python-libs-0:3.5.1-9.el7
  • rh-python35-python-test-0:3.5.1-9.el7
  • rh-python35-python-tkinter-0:3.5.1-9.el7
  • rh-python35-python-tools-0:3.5.1-9.el7
  • python27-python-0:2.7.8-16.el7
  • python27-python-0:2.7.8-18.el6
  • python27-python-debug-0:2.7.8-16.el7
  • python27-python-debug-0:2.7.8-18.el6
  • python27-python-debuginfo-0:2.7.8-16.el7
  • python27-python-debuginfo-0:2.7.8-18.el6
  • python27-python-devel-0:2.7.8-16.el7
  • python27-python-devel-0:2.7.8-18.el6
  • python27-python-libs-0:2.7.8-16.el7
  • python27-python-libs-0:2.7.8-18.el6
  • python27-python-test-0:2.7.8-16.el7
  • python27-python-test-0:2.7.8-18.el6
  • python27-python-tools-0:2.7.8-16.el7
  • python27-python-tools-0:2.7.8-18.el6
  • python27-tkinter-0:2.7.8-16.el7
  • python27-tkinter-0:2.7.8-18.el6
  • python33-python-0:3.3.2-16.el7
  • python33-python-0:3.3.2-18.el6
  • python33-python-debug-0:3.3.2-16.el7
  • python33-python-debug-0:3.3.2-18.el6
  • python33-python-debuginfo-0:3.3.2-16.el7
  • python33-python-debuginfo-0:3.3.2-18.el6
  • python33-python-devel-0:3.3.2-16.el7
  • python33-python-devel-0:3.3.2-18.el6
  • python33-python-libs-0:3.3.2-16.el7
  • python33-python-libs-0:3.3.2-18.el6
  • python33-python-test-0:3.3.2-16.el7
  • python33-python-test-0:3.3.2-18.el6
  • python33-python-tkinter-0:3.3.2-16.el7
  • python33-python-tkinter-0:3.3.2-18.el6
  • python33-python-tools-0:3.3.2-16.el7
  • python33-python-tools-0:3.3.2-18.el6
  • rh-python34-python-0:3.4.2-13.el7
  • rh-python34-python-0:3.4.2-14.el6
  • rh-python34-python-debug-0:3.4.2-13.el7
  • rh-python34-python-debug-0:3.4.2-14.el6
  • rh-python34-python-debuginfo-0:3.4.2-13.el7
  • rh-python34-python-debuginfo-0:3.4.2-14.el6
  • rh-python34-python-devel-0:3.4.2-13.el7
  • rh-python34-python-devel-0:3.4.2-14.el6
  • rh-python34-python-libs-0:3.4.2-13.el7
  • rh-python34-python-libs-0:3.4.2-14.el6
  • rh-python34-python-test-0:3.4.2-13.el7
  • rh-python34-python-test-0:3.4.2-14.el6
  • rh-python34-python-tkinter-0:3.4.2-13.el7
  • rh-python34-python-tkinter-0:3.4.2-14.el6
  • rh-python34-python-tools-0:3.4.2-13.el7
  • rh-python34-python-tools-0:3.4.2-14.el6