CVE-2016-1000110
MEDIUM EXPLOITEDPython < 2.7.13 - Open Redirect via HTTP_PROXY Variable
Title source: llmExploitation Summary
CVE-2016-1000110 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2016-1000110
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110
Mailing List, Third Party Advisory x_refsource_misc
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Scores
CVSS v3
6.1
EPSS
0.0990
EPSS Percentile
93.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2024-05-06
CWE
CWE-601
Status
published
Products (5)
debian/debian_linux
8.0
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
23
python/python
2.7.0 - 2.7.13
Published
Nov 27, 2019
Tracked Since
Feb 18, 2026