CVE-2016-1000111

Name of the Vulnerable Software and Affected Versions Twisted versions prior to 16.3.1

Description The issue arises from the software's failure to address RFC 3875 section 4.1.18 namespace conflicts, which leaves CGI applications unprotected from untrusted client data in the HTTP PROXY environment variable. This could allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, also known as an "httpoxy" issue.

Recommendations For Twisted versions prior to 16.3.1, update to version 16.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP PROXY environment variable to minimize the risk of exploitation.