Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2016-1000111

Published: 11/03/2020 Updated: 13/03/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Twistedmatrix

Vulnerability Summary

Twisted prior to 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

twistedmatrix twisted

Vendor Advisories

Ubuntu Security Notice: twisted vulnerability
Twisted could be made to run programs if it received specially crafted network traffic ...
Red Hat: Important: Red Hat Satellite 6 security, bug fix, and enhancement update
Synopsis Important: Red Hat Satellite 6 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Satellite 62 for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a sec ...
Red Hat: Important: python-twisted-web security update
Synopsis Important: python-twisted-web security update Type/Severity Security Advisory: Important Topic An update for python-twisted-web is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A C ...
Amazon Linux AMI: ALAS-2016-760
It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests A remote attacker could possibly use this flaw to redirect HTT ...
Red Hat: CVE-2016-1000111
Impact: Important Public Date: 2016-07-18 CWE: CWE-20 Bugzilla: 1357345: CVE-2016-1000111 Python Twiste ...

References

CWE-425http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlhttps://www.openwall.com/lists/oss-security/2016/07/18/6https://twistedmatrix.com/trac/ticket/8623https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.htmlhttps://usn.ubuntu.com/3585-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook