The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110
https://security-tracker.debian.org/tracker/CVE-2016-1000110
Source: MITRE
Published: 2019-11-27
Updated: 2020-01-21
Type: CWE-601
Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Impact Score: 4.9
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM