Detections
Analytics

TencentOS Server 3: python27:2.7 (TSSA-2022:0112)

high Nessus Plugin ID 240015

Synopsis

The remote TencentOS Server 3 host is missing one or more security updates.

Description

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0112 advisory.

 Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

 CVE-2019-11324:
 The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

 CVE-2019-9740:
 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.
 CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

 CVE-2020-26116:
 http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

 CVE-2020-26137:
 urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

 CVE-2020-27783:
 A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

 CVE-2021-3177:
 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://mirrors.tencent.com/tlinux/errata/tssa-20220112.xml

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27783

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177

Plugin Details

Severity: High

ID: 240015

File Name: tencentos_TSSA_2022_0112.nasl

Version: 1.1

Type: local

Published: 6/16/2025

Updated: 6/16/2025

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/o:tencent:tencentos_server:3, p-cpe:/a:tencent:tencentos_server:python-urllib3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/etc/os-release, Host/TencentOS/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/4/2022

Vulnerability Publication Date: 7/4/2022