Debian Bug report logs - #924072
python3.7: CVE-2019-9636: urlsplit does not handle NFKC normalization
Package: src:python3.7;
Maintainer for src:python3.7 is Matthias Klose <doko@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 9 Mar 2019 10:18:01 UTC
Severity: important
Tags: security, ...
Several security issues were fixed in Python ...
Synopsis
Important: python security update
Type/Severity
Security Advisory: Important
Topic
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis
Important: python security update
Type/Severity
Security Advisory: Important
Topic
An update for python is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: python27:2.7 security update
Type/Severity
Security Advisory: Important
Topic
An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst ...
Synopsis
Important: python27-python security update
Type/Severity
Security Advisory: Important
Topic
An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
Synopsis
Important: rh-python36-python security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-python36-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: python security update
Type/Severity
Security Advisory: Important
Topic
An update for python is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis
Important: python27-python security update
Type/Severity
Security Advisory: Important
Topic
An update for python27-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
Synopsis
Important: python security update
Type/Severity
Security Advisory: Important
Topic
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis
Important: python security update
Type/Severity
Security Advisory: Important
Topic
An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Sol ...
Synopsis
Important: python3 security update
Type/Severity
Security Advisory: Important
Topic
An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis
Important: rh-python35-python security update
Type/Severity
Security Advisory: Important
Topic
An update for rh-python35-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis
Important: Red Hat Virtualization security update
Type/Severity
Security Advisory: Important
Topic
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Impo ...
Impact: Important
Public Date: 2019-03-06
CWE: CWE-200
Bugzilla: 1688543: CVE-2019-9636 python: Informa ...
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector ...
A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate au ...
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector ...
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it ...
Python is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorr ...
Python 2.7.x through 2.7.16 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially craf ...
An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command (CVE-2019-9740, CVE-2019-9947) ...
Python is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorre ...