Vulnerabilities > CVE-2018-20852 - Improper Input Validation vulnerability in Python

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
python
CWE-20
nessus

Summary

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.

Vulnerable Configurations

Part Description Count
Application
Python
321

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0302-1.NASL
    descriptionThis update for python36 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133448
    published2020-02-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133448
    titleSUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0302-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133448);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/06");
    
      script_cve_id("CVE-2017-18207", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9947");
    
      script_name(english:"SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for python36 to version 3.6.10 fixes the following 
    issues :
    
    CVE-2017-18207: Fixed a denial of service in
    Wave_read._read_fmt_chunk() (bsc#1083507).
    
    CVE-2019-16056: Fixed an issue where email parsing could fail for
    multiple @ signs (bsc#1149955).
    
    CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat
    (bsc#1149429).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027282"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1081750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083507"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1094814"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138459"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1141853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151490"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159622"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=709442"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=951166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983582"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1000802/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1060/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20852/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10160/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15903/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16056/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-5010/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9636/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9947/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200302-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?68a41617"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP5 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-302=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python36-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libpython3_6m1_0-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libpython3_6m1_0-debuginfo-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-base-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-base-debuginfo-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-base-debugsource-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-debuginfo-3.6.10-4.3.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"python36-debugsource-3.6.10-4.3.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python36");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0171_PYTHON3.NASL
    descriptionAn update of the python3 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128721
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128721
    titlePhoton OS 2.0: Python3 PHSA-2019-2.0-0171
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_PYTHON3_ON_SL7_X.NASL
    description* python: Cookie domain check returns incorrect results * python: email.utils.parseaddr wrongly parses email addresses
    last seen2020-04-30
    modified2020-04-21
    plugin id135830
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135830
    titleScientific Linux Security Update : python3 on SL7.x x86_64 (20200407)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1132.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1132 advisory. - python: Cookie domain check returns incorrect results (CVE-2018-20852) - python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135056
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135056
    titleRHEL 7 : python3 (RHSA-2020:1132)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-26.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-26 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly perform a CRLF injection attack, obtain sensitive information, trick Python into sending cookies to the wrong domain or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-16
    plugin id134603
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134603
    titleGLSA-202003-26 : Python: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1605.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1605 advisory. - The fix leads to a regression (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python: Cookie domain check returns incorrect results (CVE-2018-20852) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-21
    modified2020-04-28
    plugin id136044
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136044
    titleRHEL 8 : python27:2.7 (RHSA-2020:1605)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4127-1.NASL
    descriptionIt was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852) Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160) Colin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-5010) It was discovered that Python incorrectly handled certain urls. A remote attacker could possibly use this issue to perform CRLF injection attacks. (CVE-2019-9740, CVE-2019-9947) Sihoon Lee discovered that Python incorrectly handled the local_file: scheme. A remote attacker could possibly use this issue to bypass blacklist meschanisms. (CVE-2019-9948). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128631
    published2019-09-10
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128631
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : python2.7, python3.5, python3.6, python3.7 vulnerabilities (USN-4127-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1432.NASL
    descriptionhttp.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852) Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.(CVE-2020-8492)
    last seen2020-06-10
    modified2020-06-04
    plugin id137089
    published2020-06-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137089
    titleAmazon Linux 2 : python (ALAS-2020-1432)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2798-1.NASL
    descriptionThis update for python3 fixes the following issues : CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955) CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server. (bsc#1141853) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130361
    published2019-10-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130361
    titleSUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2019:2798-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-758824A3FF.NASL
    descriptionPython 2.7.17 is a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. https://www.python.org/downloads/release/python-2717/ - Security fix for CVE-2018-20852. - Security fix for CVE-2019-16056. - Security fix for CVE-2019-16935. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130790
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130790
    titleFedora 29 : python2 / python2-docs (2019-758824a3ff)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0024_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128158
    published2019-08-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128158
    titlePhoton OS 3.0: Python2 PHSA-2019-3.0-0024
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2115.NASL
    descriptionAccording to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852) - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340 however, this CVE applies to Python more generally.(CVE-2019-16056) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-12
    plugin id130824
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130824
    titleEulerOS 2.0 SP8 : python3 (EulerOS-SA-2019-2115)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2050-1.NASL
    descriptionThis update for python3 fixes the following issues : Security issue fixed : CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Non-security issue fixed: Fixed an issue where the SIGINT signal was ignored or not handled (bsc#1094814). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127766
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127766
    titleSUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2019:2050-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1764.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1764 advisory. - python: Cookie domain check returns incorrect results (CVE-2018-20852) - python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2020-04-28
    plugin id136049
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136049
    titleRHEL 8 : python3 (RHSA-2020:1764)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1989.NASL
    descriptionThis update for python fixes the following issues : - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128140
    published2019-08-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128140
    titleopenSUSE Security Update : python (openSUSE-2019-1989)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1988.NASL
    descriptionThis update for python fixes the following issues : - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128139
    published2019-08-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128139
    titleopenSUSE Security Update : python (openSUSE-2019-1988)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1131.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1131 advisory. - python: Cookie domain check returns incorrect results (CVE-2018-20852) - python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-10
    plugin id135343
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135343
    titleCentOS 7 : python (CESA-2020:1131)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2442.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-05-08
    modified2019-12-04
    plugin id131596
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131596
    titleEulerOS 2.0 SP2 : python (EulerOS-SA-2019-2442)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1906.NASL
    descriptionA vulnerability has been discovered in Python, an interactive high-level object-oriented language, that is relevant for cookie handling. By using a malicious server an attacker might steal cookies that are meant for other domains For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id128426
    published2019-09-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128426
    titleDebian DLA-1906-1 : python2.7 security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-0D3FCAE639.NASL
    descriptionPython 2.7.17 is a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. https://www.python.org/downloads/release/python-2717/ - Security fix for CVE-2018-20852. - Security fix for CVE-2019-16056. - Security fix for CVE-2019-16935. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130776
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130776
    titleFedora 31 : python2 / python2-docs (2019-0d3fcae639)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2114.NASL
    descriptionAccording to the versions of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852) - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340 however, this CVE applies to Python more generally.(CVE-2019-16056) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-12
    plugin id130823
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130823
    titleEulerOS 2.0 SP8 : python2 (EulerOS-SA-2019-2114)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_PYTHON_ON_SL7_X.NASL
    description* python: Cookie domain check returns incorrect results * python: email.utils.parseaddr wrongly parses email addresses
    last seen2020-04-30
    modified2020-04-21
    plugin id135831
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135831
    titleScientific Linux Security Update : python on SL7.x x86_64 (20200407)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-74BA24605E.NASL
    descriptionPython 2.7.17 is a bug fix release in the Python 2.7.x series. It is expected to be the penultimate release for Python 2.7. https://www.python.org/downloads/release/python-2717/ - Security fix for CVE-2018-20852. - Security fix for CVE-2019-16056. - Security fix for CVE-2019-16935. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130789
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130789
    titleFedora 30 : python2 / python2-docs (2019-74ba24605e)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0246_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128171
    published2019-08-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128171
    titlePhoton OS 1.0: Python2 PHSA-2019-1.0-0246
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0246_PYTHON3.NASL
    descriptionAn update of the python3 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128172
    published2019-08-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128172
    titlePhoton OS 1.0: Python3 PHSA-2019-1.0-0246
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2091-1.NASL
    descriptionThis update for python fixes the following issues : CVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459). CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127783
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127783
    titleSUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2019:2091-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1131.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1131 advisory. - python: Cookie domain check returns incorrect results (CVE-2018-20852) - python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135059
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135059
    titleRHEL 7 : python (RHSA-2020:1131)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0234-1.NASL
    descriptionThis update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133259
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133259
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0171_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id128720
    published2019-09-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128720
    titlePhoton OS 2.0: Python2 PHSA-2019-2.0-0171
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2020-1375.NASL
    descriptionhttp.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852)
    last seen2020-06-10
    modified2020-06-04
    plugin id137098
    published2020-06-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137098
    titleAmazon Linux AMI : python27 (ALAS-2020-1375)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0114-1.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133036
    published2020-01-17
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133036
    titleSUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1889.NASL
    descriptionA vulnerability has been discovered in Python, an interactive high-level object-oriented language, that is relevant for cookie handling. By using a malicious server an attacker might steal cookies that are meant for other domains For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id127925
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127925
    titleDebian DLA-1889-1 : python3.4 security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2114-1.NASL
    descriptionThis update for python fixes the following issues : CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation (bsc#1141853). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127838
    published2019-08-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127838
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2019:2114-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1044.NASL
    descriptionAccording to the versions of the python2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340 however, this CVE applies to Python more generally.(CVE-2019-16056) - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852) - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-06-01
    modified2020-06-02
    plugin id132798
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132798
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : python2 (EulerOS-SA-2020-1044)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-86.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id133172
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133172
    titleopenSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2259.NASL
    descriptionAccording to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130721
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130721
    titleEulerOS 2.0 SP3 : python (EulerOS-SA-2019-2259)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1212.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947) - An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740) - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340 however, this CVE applies to Python more generally.(CVE-2019-16056) - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-03-19
    modified2020-03-13
    plugin id134501
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134501
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : python (EulerOS-SA-2020-1212)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1132.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1132 advisory. - python: Cookie domain check returns incorrect results (CVE-2018-20852) - python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-10
    plugin id135344
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135344
    titleCentOS 7 : python3 (CESA-2020:1132)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1048.NASL
    descriptionAccording to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340 however, this CVE applies to Python more generally.(CVE-2019-16056) - http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852) - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-06-01
    modified2020-06-02
    plugin id132802
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132802
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : python3 (EulerOS-SA-2020-1048)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2225.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated
    last seen2020-05-08
    modified2019-11-08
    plugin id130687
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130687
    titleEulerOS 2.0 SP5 : python (EulerOS-SA-2019-2225)

Redhat

advisories
  • rhsa
    idRHSA-2019:3725
  • rhsa
    idRHSA-2019:3948
rpms
  • rh-python36-python-0:3.6.9-2.el6
  • rh-python36-python-0:3.6.9-2.el7
  • rh-python36-python-debug-0:3.6.9-2.el6
  • rh-python36-python-debug-0:3.6.9-2.el7
  • rh-python36-python-debuginfo-0:3.6.9-2.el6
  • rh-python36-python-debuginfo-0:3.6.9-2.el7
  • rh-python36-python-devel-0:3.6.9-2.el6
  • rh-python36-python-devel-0:3.6.9-2.el7
  • rh-python36-python-libs-0:3.6.9-2.el6
  • rh-python36-python-libs-0:3.6.9-2.el7
  • rh-python36-python-test-0:3.6.9-2.el6
  • rh-python36-python-test-0:3.6.9-2.el7
  • rh-python36-python-tkinter-0:3.6.9-2.el6
  • rh-python36-python-tkinter-0:3.6.9-2.el7
  • rh-python36-python-tools-0:3.6.9-2.el6
  • rh-python36-python-tools-0:3.6.9-2.el7
  • python27-python-0:2.7.17-2.el6
  • python27-python-0:2.7.17-2.el7
  • python27-python-debug-0:2.7.17-2.el6
  • python27-python-debug-0:2.7.17-2.el7
  • python27-python-debuginfo-0:2.7.17-2.el6
  • python27-python-debuginfo-0:2.7.17-2.el7
  • python27-python-devel-0:2.7.17-2.el6
  • python27-python-devel-0:2.7.17-2.el7
  • python27-python-libs-0:2.7.17-2.el6
  • python27-python-libs-0:2.7.17-2.el7
  • python27-python-test-0:2.7.17-2.el6
  • python27-python-test-0:2.7.17-2.el7
  • python27-python-tools-0:2.7.17-2.el6
  • python27-python-tools-0:2.7.17-2.el7
  • python27-tkinter-0:2.7.17-2.el6
  • python27-tkinter-0:2.7.17-2.el7
  • python-0:2.7.5-88.el7
  • python-debug-0:2.7.5-88.el7
  • python-debuginfo-0:2.7.5-88.el7
  • python-devel-0:2.7.5-88.el7
  • python-libs-0:2.7.5-88.el7
  • python-test-0:2.7.5-88.el7
  • python-tools-0:2.7.5-88.el7
  • tkinter-0:2.7.5-88.el7
  • python3-0:3.6.8-13.el7
  • python3-debug-0:3.6.8-13.el7
  • python3-debuginfo-0:3.6.8-13.el7
  • python3-devel-0:3.6.8-13.el7
  • python3-idle-0:3.6.8-13.el7
  • python3-libs-0:3.6.8-13.el7
  • python3-test-0:3.6.8-13.el7
  • python3-tkinter-0:3.6.8-13.el7
  • Cython-debugsource-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • PyYAML-debugsource-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • numpy-debugsource-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python-coverage-debugsource-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python-lxml-debugsource-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python-nose-docs-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debugsource-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-doc-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-pymongo-debugsource-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-sqlalchemy-doc-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-Cython-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-Cython-debuginfo-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-PyMySQL-0:0.8.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-attrs-0:17.4.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • python2-backports-0:1.0-15.module+el8.1.0+3111+de3f2d8e
  • python2-backports-ssl_match_hostname-0:3.5.0.1-11.module+el8.1.0+3111+de3f2d8e
  • python2-bson-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-bson-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-chardet-0:3.0.4-10.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-debuginfo-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-debug-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-debuginfo-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-debugsource-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-devel-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-dns-0:1.15.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-docs-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docs-info-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docutils-0:0.14-12.module+el8.1.0+3111+de3f2d8e
  • python2-funcsigs-0:1.0.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-idna-0:2.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-ipaddress-0:1.0.18-6.module+el8.1.0+3111+de3f2d8e
  • python2-jinja2-0:2.10-8.module+el8.1.0+3111+de3f2d8e
  • python2-libs-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-lxml-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-lxml-debuginfo-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-markupsafe-0:0.23-19.module+el8.1.0+3111+de3f2d8e
  • python2-mock-0:2.0.0-13.module+el8.1.0+3111+de3f2d8e
  • python2-nose-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python2-numpy-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-debuginfo-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-doc-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-f2py-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-pip-0:9.0.3-16.module+el8.2.0+5478+b505947e
  • python2-pip-wheel-0:9.0.3-16.module+el8.2.0+5478+b505947e
  • python2-pluggy-0:0.6.0-8.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-tests-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-py-0:1.5.3-6.module+el8.1.0+3111+de3f2d8e
  • python2-pygments-0:2.2.0-20.module+el8.1.0+3111+de3f2d8e
  • python2-pymongo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-gridfs-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pysocks-0:1.6.8-6.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-0:3.4.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-mock-0:1.9.0-4.module+el8.1.0+3111+de3f2d8e
  • python2-pytz-0:2017.2-12.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-debuginfo-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-requests-0:2.20.0-3.module+el8.2.0+4577+feefd9b8
  • python2-rpm-macros-0:3-38.module+el8.1.0+3111+de3f2d8e
  • python2-scipy-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-scipy-debuginfo-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-setuptools-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools-wheel-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools_scm-0:1.15.7-6.module+el8.1.0+3111+de3f2d8e
  • python2-six-0:1.11.0-5.module+el8.1.0+3111+de3f2d8e
  • python2-sqlalchemy-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-test-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-tkinter-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-tools-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-urllib3-0:1.24.2-1.module+el8.1.0+3280+19512f10
  • python2-virtualenv-0:15.1.0-19.module+el8.1.0+3507+d69c168d
  • python2-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • python2-wheel-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • scipy-debugsource-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • platform-python-0:3.6.8-23.el8
  • platform-python-debug-0:3.6.8-23.el8
  • platform-python-devel-0:3.6.8-23.el8
  • python3-debuginfo-0:3.6.8-23.el8
  • python3-debugsource-0:3.6.8-23.el8
  • python3-idle-0:3.6.8-23.el8
  • python3-libs-0:3.6.8-23.el8
  • python3-test-0:3.6.8-23.el8
  • python3-tkinter-0:3.6.8-23.el8

References