[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2020-26116Date: (C)2020-09-28   (M)2024-02-16


http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.2CVSS Score : 6.4
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 2.7Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: LOWAvailability: NONE
Integrity: LOW 
Availability: NONE 
  
Reference:
FEDORA-2020-221823ebdd
FEDORA-2020-887d3fa26f
FEDORA-2020-d30881c970
FEDORA-2020-d42cb01973
FEDORA-2020-e33acdea18
GLSA-202101-18
USN-4581-1
https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
https://bugs.python.org/issue39603
https://python-security.readthedocs.io/vuln/http-header-injection-method.html
https://security.netapp.com/advisory/ntap-20201023-0001/
https://www.oracle.com/security-alerts/cpuoct2021.html
openSUSE-SU-2020:1859

CPE    3
cpe:/o:debian:debian_linux:9.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/a:python:python
CWE    1
CWE-74
OVAL    45
oval:org.secpod.oval:def:1601210
oval:org.secpod.oval:def:118849
oval:org.secpod.oval:def:89002805
oval:org.secpod.oval:def:67174
...

© SecPod Technologies