CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
History
12 Feb 2023, 23:24
Type | Values Removed | Values Added |
---|---|---|
Summary | CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. | |
References | | |
02 Feb 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. |
Information
Published : 2016-09-02 14:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-5699
Mitre link : CVE-2016-5699
CVE.ORG link : CVE-2016-5699
Products Affected
python
- python
CWE
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')