CVE-2016-1000110

MEDIUM EXPLOITED

Python <2.7.12 - Open Redirect

Title source: llm

Description

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

References (5)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110

[Issue Tracking, Third Party Advisory] https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2016-1000110

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/

Scores

CVSS v3 6.1

EPSS 0.0990

EPSS Percentile 92.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitation Intel

VulnCheck KEV 2024-05-06

Classification

CWE

CWE-601

Status published

Affected Products (5)

python/python < 2.7.13

debian/debian_linux

fedoraproject/fedora

Timeline

Published Nov 27, 2019

Tracked Since Feb 18, 2026