Vulnerability Details: CVE-2016-1000110
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
Vulnerability category: Open redirect
Threat overview for CVE-2016-1000110
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2016-1000110: 33,560
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-1000110
Probability of exploitation activity in the next 30 days: 28.87%
CVSS scores for CVE-2016-1000110
|Base Score||Base Severity||CVSS Vector||Exploitability Score||Impact Score||Source|
CWE ids for CVE-2016-1000110
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Assigned by: firstname.lastname@example.org (Primary)
References for CVE-2016-1000110
[SECURITY] Fedora 23 Update: python-2.7.11-8.fc23 - package-announce - Fedora Mailing-Lists (Third Party Advisory)
1357334 – (CVE-2016-1000110) CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header (Issue Tracking; Third Party Advisory)
[security-announce] openSUSE-SU-2020:0086-1: important: Security update (Mailing List; Third Party Advisory)
Bug 989523 – VUL-1: CVE-2016-1000110: python,python3: Python CGIHandler: sets environmental variable based on user supplied Proxy request header (Issue Tracking; Third Party Advisory)
CVE-2016-1000110 (Third Party Advisory)
Products affected by CVE-2016-1000110