Published: 16/12/2016 Updated: 11/01/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bottlepy bottle 0.12.10
debian debian linux 8.0

Debian Bug report logs - #848392 python-bottle: CVE-2016-9964: redirect() doesn't filter "\r\n" which allows for CRLF attack Package: src:python-bottle; Maintainer for src:python-bottle is Federico Ceratto <federico@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 17 Dec 2016 06:39:01 UTC ...

It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections This allowed an attacker to perform CRLF attacks such as HTTP header injection For the stable distribution (jessie), this problem has been fixed in version 0127-1+deb8u1 For the testing (stret ...

CWE-93 https://github.com/bottlepy/bottle/issues/913 https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54 http://www.securityfocus.com/bid/94961 http://www.debian.org/security/2016/dsa-3743 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848392 https://nvd.nist.gov https://www.debian.org/security/./dsa-3743

CVE-2016-9964

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect