5.3

CVE-2016-1000111

EPSS 0.58%
Veröffentlicht 11.03.2020 20:15:11
Zuletzt bearbeitet 25.11.2024 18:12:24
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Twisted ≫ Twisted Version < 16.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.664

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Third Party Advisory

https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html

Vendor Advisory

Mailing List

https://twistedmatrix.com/trac/ticket/8623

Patch

Vendor Advisory

https://www.openwall.com/lists/oss-security/2016/07/18/6

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2016-1000111

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1000111

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1000111

EUVD