Description

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

Remediation

References

CVE-2016-1000110

Related Vulnerabilities

WordPress Plugin Disqus Comment System Multiple Cross-Site Request Forgery Vulnerabilities (2.77)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-3294)

ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12170)

WordPress Plugin Imsanity Unspecified Vulnerability (2.3.3)

Roundcube Multiple Buffer Overflow Vulnerabilities (CVE-2015-2181)

Severity

Medium

Classification

CVE-2016-1000110 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities