KLA10866 Multiple vulnerabilities in Python

2016-02-09T00:00:00
ID KLA10866
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-06-03T00:00:00

Description

Detect date:

02/09/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in CPython (Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2. Malicious users can exploit these vulnerabilities to bypass TLS protections, inject arbitrary HTTP headers, or cause unspecified impact.

Affected products:

CPython 2.x before 2.7.12;
CPython 3.x before 3.4.5;
CPython 3.5.x before 3.5.2.

Solution:

Update to the latest version
Patch to disable HTTP header injection
Patch for the StartTLS stripping attack (for branch 3.4)
Patch for the StartTLS stripping attack (for branch 2.7)

Impacts:

CI

Related products:

Python

CVE-IDS:

CVE-2016-5699 4.3 Warning
CVE-2016-5636 10.0 Critical
CVE-2016-0772 5.8 High