CVE-2019-18348

MEDIUM

Description

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.

References

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html

https://bugs.python.org/issue30458#msg347282

https://bugzilla.redhat.com/show_bug.cgi?id=1727276

https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/

https://lists.fedoraproject.org/archives/list/[email protected]/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/

https://lists.fedoraproject.org/archives/list/[email protected]/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/

https://lists.fedoraproject.org/archives/list/[email protected]/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/

https://lists.fedoraproject.org/archives/list/[email protected]/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/

https://security.netapp.com/advisory/ntap-20191107-0004/

https://usn.ubuntu.com/4333-1/

https://usn.ubuntu.com/4333-2/

https://www.oracle.com/security-alerts/cpuoct2020.html

Details

Source: MITRE

Published: 2019-10-23

Updated: 2020-11-16

Type: CWE-74

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (29 total)

IDNameProductFamilySeverity
145389openSUSE Security Update : python3 (openSUSE-2020-2333)NessusSuSE Local Security Checks
high
145326openSUSE Security Update : python3 (openSUSE-2020-2332)NessusSuSE Local Security Checks
high
144586SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1)NessusSuSE Local Security Checks
high
144443SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3865-1)NessusSuSE Local Security Checks
high
143646SUSE SLES12 Security Update : python36 (SUSE-SU-2020:3563-1)NessusSuSE Local Security Checks
medium
140678FreeBSD : Python -- multiple vulnerabilities (2cb21232-fb32-11ea-a929-a4bf014bf5f7)NessusFreeBSD Local Security Checks
medium
140089Amazon Linux AMI : python34 (ALAS-2020-1429)NessusAmazon Linux Local Security Checks
medium
140087Amazon Linux AMI : python36 (ALAS-2020-1428)NessusAmazon Linux Local Security Checks
medium
138529Debian DLA-2280-1 : python3.5 security updateNessusDebian Local Security Checks
medium
138368Fedora 31 : python36 (2020-ea5bdbcc90)NessusFedora Local Security Checks
medium
138125FreeBSD : Python -- multiple vulnerabilities (33c05d57-bf6e-11ea-ba1e-0800273f78d3)NessusFreeBSD Local Security Checks
medium
138114Fedora 32 : python36 (2020-8bdd3fd7a4)NessusFedora Local Security Checks
medium
137877Photon OS 1.0: Python3 PHSA-2020-1.0-0304NessusPhotonOS Local Security Checks
medium
137580SUSE SLES12 Security Update : python (SUSE-SU-2020:1524-1)NessusSuSE Local Security Checks
medium
136884openSUSE Security Update : python (openSUSE-2020-696)NessusSuSE Local Security Checks
medium
136798SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:1339-1)NessusSuSE Local Security Checks
medium
136443FreeBSD : Python -- CRLF injection via the host part of the url passed to urlopen() (ca595a25-91d8-11ea-b470-080027846a02)NessusFreeBSD Local Security Checks
medium
136281Ubuntu 20.04 : Python vulnerabilities (USN-4333-2)NessusUbuntu Local Security Checks
medium
135894Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : Python vulnerabilities (USN-4333-1)NessusUbuntu Local Security Checks
medium
135487Photon OS 1.0: Python2 PHSA-2020-1.0-0287NessusPhotonOS Local Security Checks
medium
135405Photon OS 3.0: Python3 PHSA-2020-3.0-0073NessusPhotonOS Local Security Checks
medium
135404Photon OS 3.0: Python2 PHSA-2020-3.0-0073NessusPhotonOS Local Security Checks
medium
135309Photon OS 2.0: Python3 PHSA-2020-2.0-0223NessusPhotonOS Local Security Checks
medium
135308Photon OS 2.0: Python2 PHSA-2020-2.0-0223NessusPhotonOS Local Security Checks
medium
135197SUSE SLES12 Security Update : python3 (SUSE-SU-2020:0854-1)NessusSuSE Local Security Checks
medium
134853SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0750-1)NessusSuSE Local Security Checks
medium
130797Fedora 29 : python35 (2019-d202cda4f8)NessusFedora Local Security Checks
medium
130793Fedora 30 : python35 (2019-b06ec6159b)NessusFedora Local Security Checks
medium
130784Fedora 31 : python35 (2019-57462fa10d)NessusFedora Local Security Checks
medium