DEBIAN-CVE-2016-5699

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2016-5699

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2016-5699.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2016-5699

Upstream

CVE-2016-5699

Published

2016-09-02T14:59:07Z

Modified

2025-09-25T22:40:31Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

References

https://security-tracker.debian.org/tracker/CVE-2016-5699

Affected packages

Debian:11 / python2.7

Package

Name: python2.7
Purl: pkg:deb/debian/python2.7?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.10~rc1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}