Bugzilla – Bug 989997
VUL-0: CVE-2016-1000111: python-Twisted: sets environmental variable based on user supplied Proxy request header
Last modified: 2018-12-16 07:54:19 UTC
rh#1357345 Dominic Scheirlinck of VendHQ reports: Many software projects and vendors have implemented support for the “Proxy” request header in their respective CGI implementations and languages by creating the “HTTP_PROXY” environmental variable based on the header value. When this variable is used (in many cases automatically by various HTTP client libraries) any outgoing requests generated in turn from the attacker's original request can be redirected to an attacker-controlled proxy. This allows attackers to view potentially sensitive information, reply with malformed data, or to hold connections open causing a potential denial of service.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1357345
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000111
http://seclists.org/oss-sec/2016/q3/95
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000111.html
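The mechanism described in the report, as an added example that is not part of this bug, the Red Hat report, or Twisted's own code: a minimal CGI header-to-environment translation of the kind twcgi performs (every request header becomes HTTP_<NAME>, so a client-supplied "Proxy:" header lands in HTTP_PROXY), a hardened variant that skips that one header (the shape of the upstream fix), a naive client-side proxy lookup that trusts any *_proxy variable, and a check of what CPython's own urllib resolves from the same environment. The header values, the proxy URL and the function names are constructed for illustration; the attacker host is a placeholder and nothing is sent over the network.

```python
import os
import urllib.request

# Constructed example: the headers an attacker would send with an otherwise
# ordinary request to a CGI endpoint. The proxy URL is a placeholder host.
ATTACKER_HEADERS = {
    "Host": "www.example.com",
    "User-Agent": "curl/7.47.0",
    "Proxy": "http://attacker.example:8080",
}


def cgi_environ(headers, request_method="GET", drop_proxy=False):
    """Build a CGI environment (RFC 3875 style) from HTTP request headers.

    Each header becomes HTTP_<NAME> with '-' replaced by '_' and upper-cased.
    That is exactly the translation that turns a client-supplied "Proxy:"
    header into HTTP_PROXY. With drop_proxy=True the hardened variant skips
    that header before it reaches the environment.
    """
    env = {"REQUEST_METHOD": request_method, "GATEWAY_INTERFACE": "CGI/1.1"}
    for name, value in headers.items():
        if drop_proxy and name.lower() == "proxy":
            continue  # never let the client choose our outbound proxy
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def naive_proxies(env):
    """Mimic a client library that trusts every *_proxy variable it finds.

    Returns a scheme -> proxy URL map the way a pre-httpoxy client would,
    so HTTP_PROXY from the CGI environment becomes the proxy for 'http'.
    """
    return {
        name.lower()[:-6]: value
        for name, value in env.items()
        if name.lower().endswith("_proxy") and value
    }


def urllib_proxies(env):
    """What CPython's urllib resolves from the given environment.

    Runs urllib.request.getproxies_environment() with os.environ temporarily
    replaced by `env`, then restores the real environment. Since the fix for
    CVE-2016-1000110, urllib drops HTTP_PROXY whenever REQUEST_METHOD is set,
    i.e. when it believes it is running under CGI; lowercase http_proxy is
    still honoured because a web server does not set it from a header.
    """
    saved = dict(os.environ)
    try:
        os.environ.clear()
        os.environ.update(env)
        return urllib.request.getproxies_environment()
    finally:
        os.environ.clear()
        os.environ.update(saved)


if __name__ == "__main__":
    vulnerable = cgi_environ(ATTACKER_HEADERS)
    hardened = cgi_environ(ATTACKER_HEADERS, drop_proxy=True)
    print("vulnerable env HTTP_PROXY:", vulnerable.get("HTTP_PROXY"))
    print("naive client would use:  ", naive_proxies(vulnerable))
    print("hardened env HTTP_PROXY:  ", hardened.get("HTTP_PROXY"))
    print("patched urllib under CGI: ", urllib_proxies(vulnerable))
```

The two halves of the mitigation are independent: the CGI side (here `drop_proxy=True`) stops the header from becoming HTTP_PROXY at all, while the client side (urllib's REQUEST_METHOD check) refuses to trust HTTP_PROXY when it is clearly running under a web server. Either alone closes this particular path; a client library that has neither, as `naive_proxies` shows, will route its outbound requests through whatever the request's "Proxy:" header named.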
bugbot adjusting priority
Submitted as - https://build.suse.de/request/show/125109 - https://build.opensuse.org/request/show/443751
openSUSE-SU-2016:3157-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 989997
CVE References: CVE-2016-1000111
Sources used:
openSUSE Leap 42.1 (src): python-Twisted-15.4.0-3.1
SUSE-SU-2017:0114-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 989997
CVE References: CVE-2016-1000111
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src): python-Twisted-15.2.1-8.1
SUSE Enterprise Storage 4 (src): python-Twisted-15.2.1-8.1
SUSE Enterprise Storage 3 (src): python-Twisted-15.2.1-8.1
fixed in all current products