Lucene search

K
openvasCopyright (C) 2021 Greenbone AGOPENVAS:1361412562310118188
HistorySep 11, 2021 - 12:00 a.m.

Python < 3.5.10, 3.6.x < 3.6.12, 3.7.x < 3.7.9, 3.8.x < 3.8.5 Python Issue (bpo-39603) - Linux

2021-09-1100:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
10
vendorfix
httpclient
cve202026116
python356
python379
python3810
python385

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score

7.6

Confidence

High

EPSS

0.004

Percentile

72.3%

http.client in Python is prone to CRLF injection.

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:python:python";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.118188");
  script_version("2023-07-05T05:06:18+0000");
  script_tag(name:"last_modification", value:"2023-07-05 05:06:18 +0000 (Wed, 05 Jul 2023)");
  script_tag(name:"creation_date", value:"2021-09-11 10:50:32 +0200 (Sat, 11 Sep 2021)");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-01-26 18:15:00 +0000 (Tue, 26 Jan 2021)");

  script_cve_id("CVE-2020-26116");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Python < 3.5.10, 3.6.x < 3.6.12, 3.7.x < 3.7.9, 3.8.x < 3.8.5 Python Issue (bpo-39603) - Linux");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("General");
  script_dependencies("gb_python_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("python/detected", "Host/runs_unixoide");

  script_tag(name:"summary", value:"http.client in Python is prone to CRLF injection.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"It is possible to inject HTTP headers via the HTTP method which
  doesn't reject newline characters.");

  script_tag(name:"impact", value:"If the attacker controls the HTTP request method, the http.client
  in Python allows CRLF injection.");

  script_tag(name:"affected", value:"Python prior to version 3.5.10, versions 3.6.x prior to 3.6.12,
  3.7.x prior to 3.7.9 and 3.8.x prior to 3.8.5.");

  script_tag(name:"solution", value:"Update to version 3.5.10, 3.6.12, 3.7.9, 3.8.5 or later.");

  script_xref(name:"URL", value:"https://python-security.readthedocs.io/vuln/http-header-injection-method.html");
  script_xref(name:"Advisory-ID", value:"bpo-39603");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( isnull( port = get_app_port( cpe:CPE ) ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE, version_regex:"^[0-9]+\.[0-9]+\.[0-9]+" ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_is_less( version:version, test_version:"3.5.10" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"3.5.10", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

if( version_in_range( version:version, test_version:"3.6.0", test_version2:"3.6.11" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"3.6.12", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

if( version_in_range( version:version, test_version:"3.7.0", test_version2:"3.7.8" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"3.7.9", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

if( version_in_range( version:version, test_version:"3.8.0", test_version2:"3.8.4" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"3.8.5", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score

7.6

Confidence

High

EPSS

0.004

Percentile

72.3%