CVE-2016-1000111

Published: 18 July 2016

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
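The namespace conflict described above, as an added example that is not Twisted's code or its fix. It applies the RFC 3875 section 4.1.18 header-to-meta-variable mapping and shows the variable a `Proxy` header produces, next to a builder that drops it. The function names and sample headers are hypothetical and constructed for illustration.

```python
# Added illustration; names below are hypothetical, not Twisted APIs.

def meta_variable_name(header_name):
    """RFC 3875 section 4.1.18: upper-case, '-' becomes '_', prefix 'HTTP_'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


# Meta-variable names that collide with the variable HTTP client
# libraries read for proxy configuration.
CONFLICTING_NAMES = frozenset({"HTTP_PROXY"})


def build_cgi_env(headers, base_env=None, drop_conflicts=True):
    """Return the environment a CGI child process would receive.

    headers: iterable of (name, value) pairs as sent by the client.
    base_env: variables set by the server operator, copied first.
    drop_conflicts=False reproduces the unprotected behaviour.
    """
    env = dict(base_env or {})
    for name, value in headers:
        key = meta_variable_name(name)
        if drop_conflicts and key in CONFLICTING_NAMES:
            # Client data must never define or override HTTP_PROXY;
            # an operator-set value in base_env is left untouched.
            continue
        env[key] = value
    return env


# Constructed sample request headers (.invalid is a reserved test TLD).
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("User-Agent", "sample/1.0"),
    ("proxy", "http://proxy.invalid:8080"),  # header names are case-insensitive
]

if __name__ == "__main__":
    for label, drop in (("unprotected", False), ("hardened", True)):
        env = build_cgi_env(SAMPLE_HEADERS, drop_conflicts=drop)
        print(f"{label}: HTTP_PROXY set = {'HTTP_PROXY' in env}; keys = {sorted(env)}")
```
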

Priority

Low

CVSS 3 base score: 5.3

Status

Package      Release   Status
twisted      artful    Not vulnerable (16.6.0-2ubuntu3)
twisted      bionic    Not vulnerable (17.9.0-1)
twisted      cosmic    Not vulnerable (17.9.0-1)
twisted      disco     Not vulnerable (17.9.0-1)
twisted      precise   Not vulnerable (code not present)
twisted      trusty    Released (13.2.0-1ubuntu1.2)
twisted      upstream  Needed
twisted      wily      Ignored (reached end-of-life)
twisted      xenial    Released (16.0.0-1ubuntu0.2)
twisted      yakkety   Ignored (reached end-of-life)
twisted      zesty     Ignored (reached end-of-life)
twisted-py3  artful    Does not exist
twisted-py3  bionic    Does not exist
twisted-py3  cosmic    Does not exist
twisted-py3  disco     Does not exist
twisted-py3  precise   Does not exist
twisted-py3  trusty    Does not exist (trusty was needed)
twisted-py3  upstream  Needed
twisted-py3  wily      Ignored (reached end-of-life)
twisted-py3  xenial    Does not exist
twisted-py3  yakkety   Does not exist
twisted-py3  zesty     Does not exist