PT-2016-7891 · Bottle · Bottle

Altop · Published 2016-12-16 · Updated 2022-05-17 · CVE-2016-9964

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: bottle version 0.12.10

Description: The issue is a CRLF injection caused by the redirect() function in bottle.py not filtering a "\r\n" sequence in the redirect target. It is demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call, where the CR/LF pair terminates the Location header and the remainder of the value is emitted as an additional response header.

Recommendations: For version 0.12.10, consider disabling the redirect() function until a patch is available to prevent potential CRLF attacks. Restrict access to the redirect() function to minimize the risk of exploitation. Avoid using the redirect() function with unfiltered user input until the issue is resolved.
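As an added illustration of the last recommendation (example code written for this page, not Bottle's own code): a check that rejects a redirect target containing CR, LF or NUL before it can reach a Location header, exercised against the advisory's demonstration value. The function names and the naive header renderer are constructed for this example; in an application the sanitized value would then be passed to redirect().

```python
# Mitigation for the CRLF defect described for bottle 0.12.10 (example code,
# not Bottle's implementation): validate the redirect target before it is
# placed in a Location header.
import re
from typing import List

# A bare CR, a bare LF or a NUL byte can each terminate or corrupt a header
# line, so all three are rejected, not only the "\r\n" pair.
_HEADER_CTL = re.compile(r"[\r\n\x00]")


class UnsafeRedirectTarget(ValueError):
    """Raised when a redirect target could be used for header injection."""


def sanitize_redirect_target(target: str) -> str:
    """Return `target` unchanged if it is safe to place in a Location header.

    Rejecting is preferred over silently stripping the control characters:
    a stripped value would still redirect the client somewhere the
    developer never intended.
    """
    if not isinstance(target, str):
        raise TypeError("redirect target must be str")
    if _HEADER_CTL.search(target):
        raise UnsafeRedirectTarget("control character in redirect target: %r" % target)
    return target


def is_safe_redirect(target: str) -> bool:
    """Boolean form of the check, convenient for request handlers and tests."""
    try:
        sanitize_redirect_target(target)
    except UnsafeRedirectTarget:
        return False
    return True


def render_location_header(target: str) -> List[str]:
    """Constructed, deliberately naive serialisation of a Location header.

    Shows why the check matters: an unfiltered value containing "\r\n"
    becomes more than one header line on the wire.
    """
    return ("Location: " + target).split("\r\n")


if __name__ == "__main__":
    # Constructed samples: a clean path and the value quoted in the advisory.
    for t in ("/login?next=home", "233\r\nSet-Cookie: name=salt"):
        verdict = "accepted" if is_safe_redirect(t) else "rejected"
        print("%r -> %s (%d header line(s) if unfiltered)"
              % (t, verdict, len(render_location_header(t))))
```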


Weakness Enumeration

Related identifiers

CVE-2016-9964
DLA-761-1
DSA-3743-1
DSA-3743-2
GHSA-J6F7-HGHW-G437
MGASA-2017-0031
OPENSUSE-SU-2024:11220-1
PYSEC-2016-24

Affected products

Bottle