Lucene search
EcbftwH1:165154HistorySep 02, 2016 - 12:15 a.m.
Internet Bug Bounty: Additional information for CVE-2016-5699
2016-09-0200:15:29
ecbftw
hackerone.com
19
0.002 Low
EPSS
Percentile
59.2%
I was not the first to report this issue, but the fix languished for quite some time, since no one realized quite how bad it was. I wasn’t aware of the original bug report and discovered the issue independently. I was the first to report the much more serious consequences of it. The vulnerability itself was technically public and fixed, and I waited 6 months to publish the more serious attack scenarios (when a CVE was finally publicly requested). My full description is here:
http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
Related
cve
cve
CVE-2016-5699
2016-09-02 14:59:07
prion
prion
Crlf injection
2016-09-02 14:59:00
openvas
openvas
CPython CRLF Injection Vulnerability - Linux
2016-09-12 00:00:00
Python < 2.7.10, 3.x < 3.3.7, 3.4.x < 3.4.4 HTTP Header Injection Vulnerability (bpo-22928) - Windows
2021-09-21 00:00:00
CPython CRLF Injection Vulnerability - Windows
2016-09-12 00:00:00
packetstorm
packetstorm
Ruby HTTP Header Injection
2016-06-25 00:00:00
cvelist
cvelist
CVE-2016-5699
2016-09-02 14:00:00
nessus
nessus
FreeBSD : Python -- HTTP Header Injection in Python urllib (a61374fc-3a4d-11e6-a671-60a44ce6887b)
2016-07-01 00:00:00
Fedora 23 : python3 (2016-ef784cf9f7)
2016-07-15 00:00:00
Fedora 23 : pypy3 (2016-34ca5273e9)
2016-07-15 00:00:00
ubuntucve
ubuntucve
CVE-2016-5699
2016-09-02 00:00:00
nvd
nvd
CVE-2016-5699
2016-09-02 14:59:07
hackerone
hackerone
Internet Bug Bounty: urllib HTTP header injection CVE-2016-5699
2016-09-01 20:42:07
freebsd
freebsd
Python -- HTTP Header Injection in Python urllib
2014-11-24 00:00:00
f5
f5
K10420455 : Python urllib and urllib2 library vulnerability CVE-2016-5699
2016-12-07 00:00:00
veracode
veracode
CRLF Injection
2019-05-02 05:46:32
debiancve
debiancve
CVE-2016-5699
2016-09-02 14:59:07
osv
osv
HTTP Header Injection (follow-up of CVE-2016-5699)
2019-03-13 03:00:00
HTTP Header Injection (follow-up of CVE-2016-5699)
2019-03-23 17:06:47
python2.7 - security update
2016-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: pypy3-2.4.0-3.fc22
2016-07-12 02:24:30
[SECURITY] Fedora 24 Update: pypy3-2.4.0-6.fc24
2016-07-05 05:02:40
[SECURITY] Fedora 23 Update: python3-3.4.3-9.fc23
2016-07-05 08:27:14
ibm
ibm
Security Bulletin: OpenSource Python Vulnerablities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-5699, CVE-2016-5636)
2018-06-17 15:39:52
redhat
redhat
(RHSA-2016:1626) Moderate: python security update
2016-08-18 14:24:36
(RHSA-2016:1628) Moderate: python27-python security update
2016-08-18 14:44:18
(RHSA-2016:1629) Moderate: python33-python security update
2016-08-18 14:44:37
kaspersky
kaspersky
KLA10866 Multiple vulnerabilities in Python
2016-02-09 00:00:00
centos
centos
python, tkinter security update
2016-08-18 17:23:01
mageia
mageia
Updated python packages fix security vulnerabilities
2016-06-22 19:36:39
debian
debian
[SECURITY] [DLA 522-1] python2.7 security update
2016-06-21 20:22:20
[SECURITY] [DLA 1663-1] python3.4 security update
2019-02-07 10:12:00
oraclelinux
oraclelinux
python security update
2016-08-18 00:00:00
python security, bug fix, and enhancement update
2016-11-09 00:00:00
python security and bug fix update
2017-08-07 00:00:00
amazon
amazon
Medium: python26, python27, python34
2016-07-20 18:00:00
cloudfoundry
cloudfoundry
USN-3134-1: Python vulnerabilities | Cloud Foundry
2016-12-14 00:00:00
ubuntu
ubuntu
Python vulnerabilities
2016-11-22 00:00:00
suse
suse
Security update for python3 (important)
2020-01-21 00:00:00