The CGIHandler class in Python prior to 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote malicious user to redirect HTTP requests.
Vulnerable Product |
---|
python python |
debian debian linux 8.0 |
debian debian linux 9.0 |
debian debian linux 10.0 |
fedoraproject fedora 23 |
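The name clash in the description above, shown as an added example that is not part of the advisory or of CPython's own code: CGI turns a request's `Proxy` header into the `HTTP_PROXY` environment variable, which `urllib` reads as its proxy setting. The helper names, header values and hosts are constructed for illustration.

```python
import os
from unittest import mock
from urllib.request import getproxies_environment


def cgi_meta_variables(request_headers):
    """Map request headers to CGI meta-variables the way RFC 3875 (4.1.18)
    describes: upper-case the name, turn '-' into '_', prefix 'HTTP_'."""
    return {"HTTP_" + name.upper().replace("-", "_"): value
            for name, value in request_headers.items()}


def strip_proxy_variable(environ):
    """Mitigation: drop the header-derived HTTP_PROXY before any HTTP client
    code runs. Lower-case http_proxy cannot be produced by the mapping above,
    so an operator-configured proxy is left in place."""
    return {k: v for k, v in environ.items() if k != "HTTP_PROXY"}


def http_proxy_seen_by_urllib(environ):
    """Return the proxy urllib would pick for http:// URLs under `environ`."""
    with mock.patch.dict(os.environ, environ, clear=True):
        return getproxies_environment().get("http")


# Constructed request headers; the Proxy value is a placeholder, not real data.
SAMPLE_HEADERS = {"Host": "app.example", "Proxy": "http://proxy.invalid:8080"}
CGI_ENV = cgi_meta_variables(SAMPLE_HEADERS)

if __name__ == "__main__":
    # The name clash: a request header lands in the variable urllib trusts.
    print("header-derived env :", http_proxy_seen_by_urllib(CGI_ENV))
    # urllib in fixed Python releases treats REQUEST_METHOD as "running under
    # CGI" and ignores the upper-case variable.
    cgi_mode = dict(CGI_ENV, REQUEST_METHOD="GET")
    print("CGI mode, patched  :", http_proxy_seen_by_urllib(cgi_mode))
    # Explicit stripping gives the same result without relying on the library.
    print("after stripping    :", http_proxy_seen_by_urllib(strip_proxy_variable(CGI_ENV)))
```

Stripping the variable in the CGI entry point (or the `Proxy` header at the web server) covers HTTP client libraries that do not apply the `REQUEST_METHOD` check themselves.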
So you know it's really scary
A dangerous, easy-to-exploit vulnerability discovered 15 years ago has reared its head again, leaving server-side website software potentially open to hijackers. The Apache Software Foundation, Red Hat, Nginx and others have rushed to warn programmers of the so-called httpoxy flaw, specifically: CVE-2016-5385 in PHP; CVE-2016-5386 in Go; CVE-2016-5387 in Apache HTTP server; CVE-2016-5388 in Apache Tomcat; CVE-2016-1000109 in PHP-engine HHVM; and CVE-2016-1000110 in Python. This security hole, pre...