oss-sec mailing list archives
CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client
From: Cedric Buissart <cbuissar () redhat com>
Date: Tue, 14 Jun 2016 16:12:25 +0200
Hi, I would like to request a CVE for a Python header injection flaw in urrlib2/urllib/httplib/http.client. HTTPConnection.putheader() allows unsafe characters, which can be used to inject additional headers. Upstream bug with reproducer : https://bugs.python.org/issue22928 Kind regards, -- Cedric Buissart, Product Security Purkynova 99 Brno 612 45
Current thread:
- CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 14)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Tim (Jun 14)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 15)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Tim (Jun 15)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 17)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Marcus Meissner (Jun 23)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client cve-assign (Jun 23)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 15)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Tim (Jun 14)