CVE-2019-18348MEDIUM
Description
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.
References
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html
https://bugs.python.org/issue30458#msg347282
https://bugzilla.redhat.com/show_bug.cgi?id=1727276
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
https://security.netapp.com/advisory/ntap-20191107-0004/
https://usn.ubuntu.com/4333-1/
Details
Source: MITRE
Published: 2019-10-23
Updated: 2020-11-16
Type: CWE-74
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions from 2.0 to 2.7.17 (inclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145389 | openSUSE Security Update : python3 (openSUSE-2020-2333) | Nessus | SuSE Local Security Checks | high |
| 145326 | openSUSE Security Update : python3 (openSUSE-2020-2332) | Nessus | SuSE Local Security Checks | high |
| 144586 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1) | Nessus | SuSE Local Security Checks | high |
| 144443 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3865-1) | Nessus | SuSE Local Security Checks | high |
| 143646 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3563-1) | Nessus | SuSE Local Security Checks | medium |
| 140678 | FreeBSD : Python -- multiple vulnerabilities (2cb21232-fb32-11ea-a929-a4bf014bf5f7) | Nessus | FreeBSD Local Security Checks | medium |
| 140089 | Amazon Linux AMI : python34 (ALAS-2020-1429) | Nessus | Amazon Linux Local Security Checks | medium |
| 140087 | Amazon Linux AMI : python36 (ALAS-2020-1428) | Nessus | Amazon Linux Local Security Checks | medium |
| 138529 | Debian DLA-2280-1 : python3.5 security update | Nessus | Debian Local Security Checks | medium |
| 138368 | Fedora 31 : python36 (2020-ea5bdbcc90) | Nessus | Fedora Local Security Checks | medium |
| 138125 | FreeBSD : Python -- multiple vulnerabilities (33c05d57-bf6e-11ea-ba1e-0800273f78d3) | Nessus | FreeBSD Local Security Checks | medium |
| 138114 | Fedora 32 : python36 (2020-8bdd3fd7a4) | Nessus | Fedora Local Security Checks | medium |
| 137877 | Photon OS 1.0: Python3 PHSA-2020-1.0-0304 | Nessus | PhotonOS Local Security Checks | medium |
| 137580 | SUSE SLES12 Security Update : python (SUSE-SU-2020:1524-1) | Nessus | SuSE Local Security Checks | medium |
| 136884 | openSUSE Security Update : python (openSUSE-2020-696) | Nessus | SuSE Local Security Checks | medium |
| 136798 | SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:1339-1) | Nessus | SuSE Local Security Checks | medium |
| 136443 | FreeBSD : Python -- CRLF injection via the host part of the url passed to urlopen() (ca595a25-91d8-11ea-b470-080027846a02) | Nessus | FreeBSD Local Security Checks | medium |
| 136281 | Ubuntu 20.04 : Python vulnerabilities (USN-4333-2) | Nessus | Ubuntu Local Security Checks | medium |
| 135894 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Python vulnerabilities (USN-4333-1) | Nessus | Ubuntu Local Security Checks | medium |
| 135487 | Photon OS 1.0: Python2 PHSA-2020-1.0-0287 | Nessus | PhotonOS Local Security Checks | medium |
| 135405 | Photon OS 3.0: Python3 PHSA-2020-3.0-0073 | Nessus | PhotonOS Local Security Checks | medium |
| 135404 | Photon OS 3.0: Python2 PHSA-2020-3.0-0073 | Nessus | PhotonOS Local Security Checks | medium |
| 135309 | Photon OS 2.0: Python3 PHSA-2020-2.0-0223 | Nessus | PhotonOS Local Security Checks | medium |
| 135308 | Photon OS 2.0: Python2 PHSA-2020-2.0-0223 | Nessus | PhotonOS Local Security Checks | medium |
| 135197 | SUSE SLES12 Security Update : python3 (SUSE-SU-2020:0854-1) | Nessus | SuSE Local Security Checks | medium |
| 134853 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0750-1) | Nessus | SuSE Local Security Checks | medium |
| 130797 | Fedora 29 : python35 (2019-d202cda4f8) | Nessus | Fedora Local Security Checks | medium |
| 130793 | Fedora 30 : python35 (2019-b06ec6159b) | Nessus | Fedora Local Security Checks | medium |
| 130784 | Fedora 31 : python35 (2019-57462fa10d) | Nessus | Fedora Local Security Checks | medium |