HTTP Response Splitting

Affecting python2.7 package, versions <2.7.10~rc1-1

Overview

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
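A caller-side guard against the header injection described above, as an added example (not code from this advisory or from CPython). The names `check_header`, `check_url` and `is_safe` are hypothetical, and the sample values are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# CR, LF or NUL inside a header line ends or corrupts it on the wire.
_FORBIDDEN = re.compile(r"[\r\n\x00]")
# RFC 7230 "token" characters, the only ones allowed in a header field name.
_is_token = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+").fullmatch


def check_header(name, value):
    """Return (name, value) unchanged, or raise ValueError if either part
    could split the HTTP message into extra header lines."""
    if not _is_token(name):
        raise ValueError("illegal header name: %r" % (name,))
    if _FORBIDDEN.search(value):
        raise ValueError("control character in value of header %s" % name)
    return name, value


def check_url(url):
    """Return the URL unchanged, or raise ValueError if it carries CR/LF/NUL
    either raw or percent-encoded in the authority component."""
    if _FORBIDDEN.search(url):
        raise ValueError("raw control character in URL")
    # urllib percent-decodes the host before it builds the Host header,
    # so the decoded authority is what has to be inspected.
    netloc = unquote(urlsplit(url).netloc)
    if _FORBIDDEN.search(netloc):
        raise ValueError("encoded control character in URL authority")
    return url


def is_safe(check, *args):
    """Run one of the checks above and report the outcome as a boolean."""
    try:
        check(*args)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for url in ("http://example.test/path?q=1",
                "http://example.test%0d%0aX-Injected:%201/path"):
        print(repr(url), "->", "ok" if is_safe(check_url, url) else "rejected")
```

Calling `check_url` on any URL that comes from untrusted input before handing it to `urllib`/`urllib2` keeps the request safe on interpreters older than the fixed versions listed above.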

CVSS Score

6.1 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

  • CVE: CVE-2016-5699
  • CWE: CWE-113
  • Snyk ID: SNYK-DEBIAN9-PYTHON27-306549
  • Disclosed: 02 Sep, 2016
  • Published: 02 Sep, 2016