First published: Fri Jul 05 2019
An issue was discovered in urllib/urllib2 in Python. CRLF injection is possible if the attacker controls the host part of the url parameter passed to urlopen(). The fix for [CVE-2019-9947](https://access.redhat.com/security/cve/CVE-2019-9947) is ineffective if the glibc version used by Python is still affected by [CVE-2016-10739](https://access.redhat.com/security/cve/CVE-2016-10739). The original fix for [CVE-2019-9947](https://access.redhat.com/security/cve/CVE-2019-9947) only checked the part of the URL after the port (e.g. in "http://server:7777/my/path?query" only "/my/path?query" was checked for invalid characters), so an attacker who controls the hostname part is still able to inject HTTP headers. Due to [CVE-2016-10739](https://access.redhat.com/security/cve/CVE-2016-10739), getaddrinfo() resolves an invalid hostname as a valid one, so the URL can contain CRLF sequences and, at the same time, still be resolved to a valid host. Reference: [https://bugs.python.org/issue30458#msg347282](https://bugs.python.org/issue30458#msg347282)
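As an added example (not code from the Python project or from the Red Hat bug), the following Python 3 guard validates the host part of a URL before it is handed to urlopen(): it rejects control characters anywhere in the raw string, then restricts the parsed hostname to an allow-list of DNS label characters or an IP literal. The names validate_url, is_safe_url and UnsafeURL are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Allow-list for a DNS hostname: dot-separated labels of letters, digits and
# hyphens (RFC 1123 shape). Anything else, CR/LF included, fails the match.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")


class UnsafeURL(ValueError):
    """Raised when a URL must not be passed to urlopen()."""


def validate_url(url: str) -> str:
    """Return url unchanged if scheme, host and port are well-formed, else raise UnsafeURL.

    The control-character check runs on the raw string *before* parsing: recent
    urllib.parse versions strip CR, LF and TAB, so a post-parse check alone could
    miss exactly the bytes that make header injection possible.
    """
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        raise UnsafeURL("control character (e.g. CR/LF) in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL(f"unsupported scheme {parts.scheme!r}")
    host = parts.hostname  # lower-cased; brackets removed from IPv6 literals
    if not host or len(host) > 253:
        raise UnsafeURL("missing or over-long hostname")
    try:
        ipaddress.ip_address(host)  # IPv4/IPv6 literals are accepted as-is
    except ValueError:
        if not _HOST_RE.match(host):
            raise UnsafeURL(f"invalid hostname {host!r}") from None
    try:
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        raise UnsafeURL("invalid port") from None
    return url


def is_safe_url(url: str) -> bool:
    """Boolean convenience wrapper around validate_url()."""
    try:
        validate_url(url)
    except UnsafeURL:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: the second carries a CRLF inside the host part,
    # which a check that only looks at the part after the port would not catch.
    for candidate in ("http://server:7777/my/path?query",
                      "http://server\r\nX-Injected: 1:7777/my/path?query"):
        print(repr(candidate), "->", "ok" if is_safe_url(candidate) else "REJECTED")
```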
Affected Software | Affected Version | How to fix |
---|---|---|
urllib3 | | |
urllib | | |
The severity of REDHAT-BUG-1727276 is considered high because it allows CRLF injection into HTTP requests.
To fix REDHAT-BUG-1727276, update to a version of Python whose urllib or urllib2 addresses this issue. Because that fix relies on glibc rejecting invalid hostnames, also make sure the glibc in use is patched for CVE-2016-10739.
Python urllib and urllib2 are both affected by REDHAT-BUG-1727276 when an attacker can control the host part of the URL passed to urlopen().
REDHAT-BUG-1727276 is a CRLF injection vulnerability reachable through an attacker-controlled host part of the URL.
The fix for CVE-2019-9947 is reported to be ineffective against REDHAT-BUG-1727276 when the glibc in use is still affected by CVE-2016-10739.