{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-12T00:00:00", "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-21T21:06:39", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.splunk.com/view/SP-CAAAPUE"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://hg.python.org/cpython/rev/1c45047c5102"}, {"name": "RHSA-2016:1630", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1630.html"}, {"name": "RHSA-2016:1627", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1627.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://hg.python.org/cpython/rev/bf3e1c9b80e9"}, {"name": "RHSA-2016:1629", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1629.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.splunk.com/view/SP-CAAAPSV"}, {"name": "[oss-security] 20160616 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/16/2"}, {"name": "[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4"}, {"name": "[oss-security] 20160615 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/15/12"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html"}, {"name": "[oss-security] 20160614 CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/14/7"}, {"name": "91226", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91226"}, {"name": "RHSA-2016:1628", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1628.html"}, {"name": "RHSA-2016:1626", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html"}, {"name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:07:59.909Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.splunk.com/view/SP-CAAAPUE"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://hg.python.org/cpython/rev/1c45047c5102"}, {"name": "RHSA-2016:1630", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1630.html"}, {"name": "RHSA-2016:1627", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1627.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://hg.python.org/cpython/rev/bf3e1c9b80e9"}, {"name": "RHSA-2016:1629", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1629.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.splunk.com/view/SP-CAAAPSV"}, {"name": "[oss-security] 20160616 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/16/2"}, {"name": "[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4"}, {"name": "[oss-security] 20160615 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/15/12"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html"}, {"name": "[oss-security] 20160614 CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/14/7"}, {"name": "91226", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91226"}, {"name": "RHSA-2016:1628", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1628.html"}, {"name": "RHSA-2016:1626", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html"}, {"name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-5699", "datePublished": "2016-09-02T14:00:00", "dateReserved": "2016-06-16T00:00:00", "dateUpdated": "2024-08-06T01:07:59.909Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "B863CAEA-588A-4708-88E0-2B073EEB70EA", "versionEndIncluding": "2.7.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC0C702F-59E0-40AB-BA95-8F0803AB0550", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3190C547-7230-476C-A43F-641FE7B891EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B370D065-D08F-46B3-8B7B-8477A77F8E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B547525-E0DB-4D64-8ED1-AF3F1B6FF65F", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "19064C18-1CD7-4F10-8065-4B900BB31F83", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B1997CB6-FD72-4B13-915A-7500AA06F4B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "06A1811C-4E97-4226-8335-ADF0827A03B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BF2C50D1-187B-4E98-BA02-008D0ED4C220", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B511BDFA-D1DC-4E50-9A08-66DA05947A43", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0708E98D-5C84-47DC-89E5-8BB7CFFB12A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6595C4F3-5683-4889-AD30-83840F6A58D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "027FD902-9B08-4EDF-9F83-314FBF0583ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "89FB9D30-8559-4F57-9D20-DC603765B346", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "957FCB4A-32D0-4449-8995-80144CC713B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "C17A0E8D-7611-42F7-896E-F2B3BC25643D", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "875ABC97-2783-41DA-AB9F-9E6F0870B74C", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5262D28D-204C-41E8-BC4D-27372E366295", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "121225D0-C5DA-4F26-93B8-3D56BC1D38B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "52DD66F7-FE7B-4C1C-B07B-F9E4CEEA7AFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C2C18A1-F202-4E48-8E29-F250AD1A6737", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5EE1602B-6ECB-492B-BFEB-21AF40EE4A4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "64662850-7460-46C2-852E-E047874F9660", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D6658A8-E57E-4743-95D5-074F990D0D1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6C65BBA-4DC7-4F2F-90B1-75C6F3C68FBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D0DBAEE-599A-44EB-A1E4-94CEBB406CAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "4CE28365-977E-47F2-8E2C-635D287149C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en la funci\u00f3n HTTPConnection.putheader en urllib2 y urllib en CPython (tambi\u00e9n conocido como Python) en versiones anteriores a 2.7.10 y 3.x en versiones anteriores a 3.4.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a trav\u00e9s de secuencias CRLF en una URL."}], "id": "CVE-2016-5699", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-02T14:59:07.003", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1627.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1628.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1629.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1630.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/06/14/7"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/06/15/12"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/06/16/2"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/91226"}, {"source": "secalert@redhat.com", "url": "http://www.splunk.com/view/SP-CAAAPSV"}, {"source": "secalert@redhat.com", "url": "http://www.splunk.com/view/SP-CAAAPUE"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://hg.python.org/cpython/rev/1c45047c5102"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://hg.python.org/cpython/rev/bf3e1c9b80e9"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1627.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1628.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1629.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1630.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/06/14/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/06/15/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/06/16/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91226"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.splunk.com/view/SP-CAAAPSV"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.splunk.com/view/SP-CAAAPUE"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://hg.python.org/cpython/rev/1c45047c5102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://hg.python.org/cpython/rev/bf3e1c9b80e9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-113"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:1626", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "python-0:2.6.6-66.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1626", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python-0:2.7.5-38.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1628", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-0:2.7.8-18.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1629", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python33-python-0:3.3.2-18.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1630", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-python34-python-0:3.4.2-14.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1628", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-0:2.7.8-18.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1629", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python33-python-0:3.3.2-18.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1630", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-python34-python-0:3.4.2-14.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1628", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python27-python-0:2.7.8-18.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1629", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "python33-python-0:3.3.2-18.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1630", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-python34-python-0:3.4.2-14.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1627", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-python35-python-0:3.5.1-9.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1628", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-0:2.7.8-16.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1629", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python33-python-0:3.3.2-16.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1630", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-python34-python-0:3.4.2-13.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1627", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-python35-python-0:3.5.1-9.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1628", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-0:2.7.8-16.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1629", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python33-python-0:3.3.2-16.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1630", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-python34-python-0:3.4.2-13.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1627", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-python35-python-0:3.5.1-9.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1628", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python27-python-0:2.7.8-16.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1629", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "python33-python-0:3.3.2-16.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-08-18T00:00:00Z"}, {"advisory": "RHSA-2016:1630", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-python34-python-0:3.4.2-13.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-08-18T00:00:00Z"}], "bugzilla": {"description": "python: http protocol steam injection attack", "id": "1303699", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303699"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.", "It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values."], "name": "CVE-2016-5699", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "python", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-11-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-5699\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5699"], "threat_severity": "Moderate"}