|
|
Subscribe / Log in / New account

python-bottle: CRLF attacks

Package(s):python-bottle CVE #(s):CVE-2016-9964
Created:December 21, 2016 Updated:January 30, 2017
Description: From the Debian advisory:

It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.

Alerts:
Mageia MGASA-2017-0031 python-bottle 2017-01-29
Debian-LTS DLA-761-2 python-bottle 2017-01-15
Debian DSA-3743-2 python-bottle 2017-01-15
Debian-LTS DLA-761-1 python-bottle 2016-12-24
Debian DSA-3743-1 python-bottle 2016-12-20
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds