CVE-2016-1000110

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-1000110
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1000110.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-1000110
Aliases
Downstream
Related
Published
2019-11-27T17:15:14.090Z
Modified
2026-03-20T11:01:04.377901Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9c1426de7521299f70eb5483e7e25d1c2a73dbbd
Introduced
e054f452bd9118def58c18aa295662c9845e1c89
Fixed
17bf6b4671ec02d80ad29b278639d5307baddeb5
Introduced
3101b7076270756f8be699358c69c5d15ea2cc48
Fixed
7f10edebf0d6016d20af0fdae319f043718a991b
Introduced
2e789a1f1d84b343a996e8654590703b5fbdd441
Fixed
51ba5b7d0c194b0c2b1e5d647e70e3538b8dde3e
Database specific 
{
    "versions": [
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.13"
        },
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.7"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.6"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "fixed": "3.5.3"
        }
    ]
}

Affected versions

2.*
2.5
3.*
3.2
v2.*
v2.5
v2.5.1
v2.5.1c1
v2.5.2
v2.5.2c1
v2.5.3
v2.5.3c1
v2.5.4
v2.5.5
v2.5.5c1
v2.5.5c2
v2.5.6
v2.5.6c1
v2.5a0
v2.5a1
v2.5a2
v2.5b1
v2.5b2
v2.5b3
v2.5c1
v2.5c2
v2.6
v2.6.1
v2.6.2
v2.6.2c1
v2.6.3
v2.6.3rc1
v2.6.4
v2.6.4rc1
v2.6.4rc2
v2.6.5
v2.6.5rc1
v2.6.5rc2
v2.6.6
v2.6.6rc1
v2.6.6rc2
v2.6.7
v2.6.8
v2.6.8rc1
v2.6.8rc2
v2.6a1
v2.6a2
v2.6a3
v2.6b1
v2.6b2
v2.6b3
v2.6rc1
v2.6rc2
v2.7
v2.7.1
v2.7.1rc1
v2.7.2
v2.7.2rc1
v2.7.3
v2.7.3rc1
v2.7.3rc2
v2.7.4rc1
v2.7a1
v2.7a2
v2.7a3
v2.7a4
v2.7b1
v2.7b2
v2.7rc1
v2.7rc2
v3.*
v3.2.4
v3.2.4rc1
v3.2.5
v3.2.6
v3.2.6rc1
v3.3.0
v3.3.1
v3.3.1rc1
v3.3.2
v3.3.3
v3.3.3rc1
v3.3.3rc2
v3.3.4
v3.3.4rc1
v3.3.5
v3.3.5rc1
v3.3.5rc2
v3.3.6
v3.3.6rc1
v3.4.0
v3.4.0a1
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0b1
v3.4.0b2
v3.4.0b3
v3.4.0rc1
v3.4.0rc2
v3.4.0rc3
v3.4.1
v3.4.1rc1
v3.4.2
v3.4.2rc1
v3.4.3
v3.4.3rc1
v3.4.4
v3.4.4rc1
v3.4.5
v3.4.5rc1
v3.4.6rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1000110.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "23"
            }
        ]
    }
]