critical
9.8
CWE
172 522
Advisory Published
CVE Published
Updated

CVE-2019-10160

First published: Mon Jun 03 2019(Updated: )

A security regression for <a href="https://access.redhat.com/security/cve/CVE-2019-9636">CVE-2019-9636</a> was discovered in python's functions urllib.parse.urlsplit and urllib.parse.urlparse, introduced with commit d537ab0ff9767ef024f26246899728f0116b1ec3. No upstream python version is affected by this regression but the vulnerable commit may already have been included downstream as part of the original fix for <a href="https://access.redhat.com/security/cve/CVE-2019-9636">CVE-2019-9636</a>. Affected python versions ignore the user/password part before `@` in the netloc component of a URL, thus it still allows an attacker to exploit the vulnerability as in <a href="https://access.redhat.com/security/cve/CVE-2019-9636">CVE-2019-9636</a>. Those functions do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) being returned by those functions. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. External Reference <a href="https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html">https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html</a> Vulnerable commit <a href="https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3">https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3</a> Upstream patch <a href="https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e">https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e</a>

Credit: secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/python<0:2.7.5-80.el7_6
0:2.7.5-80.el7_6
redhat/python27-python<0:2.7.16-6.el6
0:2.7.16-6.el6
redhat/python27-python<0:2.7.16-6.el7
0:2.7.16-6.el7
redhat/imgbased<0:1.1.9-0.1.el7e
0:1.1.9-0.1.el7e
redhat/ovirt-node-ng<0:4.3.5-0.20190717.0.el7e
0:4.3.5-0.20190717.0.el7e
redhat/redhat-release-virtualization-host<0:4.3.5-2.el7e
0:4.3.5-2.el7e
redhat/redhat-virtualization-host<0:4.3.5-20190722.0.el7_7
0:4.3.5-20190722.0.el7_7
Python Python>=2.7.0<2.7.17
Python Python>=3.5.0<3.5.8
Python Python>=3.6.0<3.6.9
Python Python>=3.7.0<3.7.4
Python Python=3.8.0-alpha4
Python Python=3.8.0-beta1
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Eus=7.6
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=7.6
Redhat Enterprise Linux Server Tus=7.6
Redhat Enterprise Linux Workstation=7.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
openSUSE Leap=15.0
openSUSE Leap=15.1
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Redhat Virtualization=4.0
Redhat Enterprise Linux=7.0
Netapp Cloud Backup
Netapp Converged Systems Advisor Agent
All of
Redhat Virtualization=4.0
Redhat Enterprise Linux=7.0
debian/python2.7
2.7.18-8+deb11u1

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160

Remedy

https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09

Remedy

https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e

Remedy

https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de

Remedy

https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468

Remedy

https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2019-10160?

    CVE-2019-10160 is a security regression vulnerability in Python, affecting versions 2.7, 3.5, 3.6, 3.7, and from v3.8.0a4 through v3.8.0b1.

  • How severe is CVE-2019-10160?

    CVE-2019-10160 has a severity rating of 9.8 (Critical).

  • Which software versions are affected by CVE-2019-10160?

    CVE-2019-10160 affects Python versions 2.7, 3.5, 3.6, 3.7, and from v3.8.0a4 through v3.8.0b1.

  • How can CVE-2019-10160 be exploited?

    CVE-2019-10160 can be exploited by abusing the user and password parts of a URL.

  • Are there any remediation steps available for CVE-2019-10160?

    Yes, remediation steps are available. Please refer to the provided references for more information.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203