First published: Mon Feb 01 2016
A vulnerability in Python's http, ftp and url libraries was reported. Header values are not validated, so an attacker who controls part of a URL (for example the host component) can embed CR/LF sequences and inject additional HTTP headers, and more.

* Upstream bug: https://bugs.python.org/issue22928
* Upstream patches:
  * Python 3.4 / 3.5: revision 94952, https://hg.python.org/cpython/rev/bf3e1c9b80e9
  * Python 2.7: revision 94951, https://hg.python.org/cpython/rev/1c45047c5102

Additional note: when used in combination with the flaw described in BZ 1347549 (CVE-2016-10739, glibc: getaddrinfo should reject IP addresses with trailing characters), an attacker could direct an HTTP connection to a malicious server, using the following combined issues:

* Python's httplib does not validate HTTP header values. A malicious 'Host' header containing quoted (percent-encoded) new lines can inject additional headers and more.
* glibc's getaddrinfo() ignores a new line and everything after it when the first part looks like an IPv4 address, so name resolution still succeeds for the address in front of the injected data and the connection is made.

See the following blog post for additional information: http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
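The following is an added example, not code from CPython or from the advisory, showing the three pieces above offline: a request builder that mimics a client with no header validation, a model of the getaddrinfo() behaviour the note describes (a model only, not a reimplementation of glibc), and a header check modelled on the one the upstream patch adds to putheader(). The host string EVIL_HOST is constructed for the demonstration; the port 12345 and the injected header names are arbitrary.

```python
"""Added example (not CPython's own code): models the pre-fix client
behaviour, the glibc getaddrinfo() quirk the note combines it with, and the
header-value check the upstream patch adds."""
import ipaddress
import re

# Checks modelled on those the upstream patch adds to putheader(): a CR or
# LF inside a header value is only legal as obsolete line folding, i.e. when
# it is followed by SP or HTAB. Verify against the linked revisions.
_is_illegal_header_value = re.compile(rb'\n(?![ \t])|\r(?![ \t\n])').search
_is_legal_header_name = re.compile(rb'[^:\s][^:\r\n]*').fullmatch


def build_request_unpatched(host: bytes, port: int, path: bytes = b"/") -> bytes:
    """Mimics a client with no header validation: the host string is pasted
    straight into the Host header, so embedded CR/LF becomes new lines."""
    host_hdr = host if port == 80 else host + b":" + str(port).encode("ascii")
    return b"GET " + path + b" HTTP/1.1\r\nHost: " + host_hdr + b"\r\n\r\n"


def headers_as_seen_by_server(raw: bytes) -> list:
    """Parse the header block the way a server does: every CRLF-terminated
    line after the request line is a separate header field."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    fields = []
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        fields.append((name.strip(), value.strip()))
    return fields


def resolves_like_glibc(host: bytes):
    """Model (not a reimplementation) of the getaddrinfo() behaviour the
    note describes: if the text before the first newline is an IPv4
    literal, the rest is ignored and resolution succeeds."""
    first = re.split(rb"[\r\n]", host, maxsplit=1)[0]
    try:
        return ipaddress.IPv4Address(first.decode("ascii"))
    except (ValueError, UnicodeDecodeError):
        return None


def putheader_checked(name: bytes, value: bytes) -> bytes:
    """Patched behaviour: reject names/values that would start a new header
    line, mirroring the ValueError the fix raises in putheader()."""
    if not _is_legal_header_name(name):
        raise ValueError("Invalid header name %r" % (name,))
    if _is_illegal_header_value(value):
        raise ValueError("Invalid header value %r" % (value,))
    return name + b": " + value + b"\r\n"


def rejected_by_patch(name: bytes, value: bytes) -> bool:
    """True if the patched check refuses to emit this header."""
    try:
        putheader_checked(name, value)
    except ValueError:
        return True
    return False


# Constructed attacker-controlled host, as smuggled through a URL of the form
# http://127.0.0.1%0d%0aX-Injected:%20yes%0d%0aHost:%20evil.example:12345/
EVIL_HOST = b"127.0.0.1\r\nX-Injected: yes\r\nHost: evil.example"

if __name__ == "__main__":
    raw = build_request_unpatched(EVIL_HOST, 12345)
    print(raw)
    print(headers_as_seen_by_server(raw))
    print("resolves to:", resolves_like_glibc(EVIL_HOST))
    print("patched client rejects it:", rejected_by_patch(b"Host", EVIL_HOST))
```

Run as a script, the unpatched builder emits two Host headers plus the injected X-Injected line, the glibc model still resolves the string to 127.0.0.1 so the connection goes ahead, and the patched check refuses the same value while still accepting a value that uses obsolete line folding (CRLF followed by a space).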
Affected Software | Affected Version | How to fix |
---|---|---|
Python | 2.7, 3.4, 3.5 | Update to a build that includes the upstream patches (revision 94951 for 2.7, revision 94952 for 3.4 / 3.5) |
The severity of REDHAT-BUG-1303699 is considered moderate: it allows an attacker who controls part of a URL to inject additional HTTP headers into a request.
To fix REDHAT-BUG-1303699, update Python to a version that includes the upstream patches (revision 94951 for Python 2.7, revision 94952 for Python 3.4 / 3.5).
REDHAT-BUG-1303699 affects Python versions 2.7, 3.4 and 3.5.
REDHAT-BUG-1303699 is an HTTP header injection (CRLF injection) vulnerability.
More information about REDHAT-BUG-1303699 can be found in the upstream Python bug report (issue 22928) and in the Red Hat Bugzilla entry.