urllib HTTP header injection CVE-2016-5699
I
Internet Bug Bounty
Submitted None
Team Summary
Official summary from Internet Bug Bounty
It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. More details: https://bugs.python.org/issue22928
Actions:
Reported by
guido
Vulnerability Details
Technical details and impact analysis
https://bugs.python.org/issue22928
https://access.redhat.com/security/cve/cve-2016-5699
Report Details
Additional information and metadata
State
Closed
Substate
Resolved