A flaw was found in Python. The built-in modules httplib and http.client (included in Python 2 and Python 3, respectively) do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity.

References

bugzilla.redhat.com/show_bug.cgi?id=1883014

nvd.nist.gov/vuln/detail/CVE-2020-26116

python-security.readthedocs.io/vuln/http-header-injection-method.html

www.cve.org/CVERecord?id=CVE-2020-26116

nessus 79

ibm 5

photon 5

openvas 40

cbl_mariner 1

amazon 4

osv 13

ubuntu 2

redhat 8

f5 2

fedora 5

prion 2

debiancve 2

suse 4

veracode 1

cloudfoundry 1

ubuntucve 2

cve 2

hackerone 1

github 1

debian 2

gentoo 1

alpinelinux 1

oraclelinux 4

rocky 2

almalinux 3

centos 1

cloudlinux 2

mageia 1

archlinux 1

rosalinux 1

nessus

openSUSE Security Update : python (openSUSE-2020-1859)

2020-11-09 00:00:00

openSUSE Security Update : python (openSUSE-2020-1988)

2020-11-23 00:00:00

SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:3115-1)

2020-12-09 00:00:00

ibm

Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-26116

2021-03-11 10:59:38

Security Bulletin: Vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-26116)

2021-04-12 12:07:52

Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft File Systems Agent (CVE-2020-26116)

2021-01-12 21:39:48

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0332

2020-10-14 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0289

2020-10-14 00:00:00

Important Photon OS Security Update - PHSA-2020-0332

2020-10-14 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2020:14550-1)

2021-06-09 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:0299-1)

2021-04-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:3115-1)

2021-06-09 00:00:00

cbl_mariner

CVE-2020-26116 affecting package python3 3.7.7-2

2021-07-08 21:56:42

amazon

Medium: python27, python34, python35

2020-11-16 17:59:00

Medium: python

2021-06-16 20:37:00

Medium: python3

2021-06-16 20:37:00

osv

BIT-python-2020-26116

2024-03-06 11:07:36

http.client: HTTP Header Injection in the HTTP method

2020-09-27 00:00:00

CVE-2020-26116

2020-09-27 04:15:11

ubuntu

Python vulnerability

2020-10-14 00:00:00

Python vulnerabilities

2021-03-12 00:00:00

redhat

(RHSA-2021:3366) Moderate: python3 security update

2021-08-31 08:21:02

(RHSA-2021:1879) Moderate: python38:3.8 security update

2021-05-18 06:18:31

(RHSA-2022:5235) Moderate: python security update

2022-06-28 07:52:39

K000133759 : Python vulnerability CVE-2020-26116

2023-05-08 00:00:00

K000133547 : Python urllib3 vulnerability CVE-2020-26137

2023-04-18 00:00:00

fedora

[SECURITY] Fedora 32 Update: mingw-python3-3.8.3-7.fc32

2020-11-17 01:14:12

[SECURITY] Fedora 31 Update: python2-2.7.18-6.fc31

2020-10-30 01:15:15

[SECURITY] Fedora 32 Update: python27-2.7.18-6.fc32

2020-10-16 15:21:26

prion

Crlf injection

2020-09-27 04:15:00

Crlf injection

2020-09-30 18:15:00

debiancve

CVE-2020-26116

2020-09-27 04:15:00

CVE-2020-26137

2020-09-30 18:15:00

suse

Security update for python (moderate)

2020-11-21 00:00:00

Security update for python (moderate)

2020-11-07 00:00:00

Security update for python3 (important)

2020-12-26 00:00:00

veracode

CRLF Injection

2020-10-18 01:59:16

cloudfoundry

USN-4581-1: Python vulnerability | Cloud Foundry

2020-11-19 00:00:00

ubuntucve

CVE-2020-26116

2020-09-27 00:00:00

CVE-2020-26137

2020-09-30 00:00:00

cve

CVE-2020-26116

2020-09-27 04:15:00

CVE-2020-26137

2020-09-30 18:15:00

hackerone

Ruby: 'net/http': HTTP Header Injection in the set_content_type method

2021-04-19 09:25:39

github

CRLF injection in urllib3

2021-06-18 18:46:43

debian

[SECURITY] [DLA 2456-1] python3.5 security update

2020-11-19 03:44:14

[SECURITY] [DLA 3610-1] python-urllib3 security update

2023-10-08 11:06:20

gentoo

Python: Multiple vulnerabilities

2021-01-24 00:00:00

alpinelinux

CVE-2020-26137

2020-09-30 18:15:00

oraclelinux

python security update

2022-07-02 00:00:00

python38:3.8 security update

2021-05-25 00:00:00

python3 security update

2021-05-25 00:00:00

rocky

python38:3.8 security update

2021-05-18 06:18:31

python27:2.7 security and bug fix update

2021-05-18 06:02:07

almalinux

Moderate: python38:3.8 security update

2021-05-18 06:18:31

Moderate: python3 security update

2021-05-18 05:42:46

Moderate: python27:2.7 security and bug fix update

2021-05-18 06:02:07

centos

python, tkinter security update

2022-08-02 19:15:12

cloudlinux

Fix of CVE: CVE-2020-26116, CVE-2020-8492, CVE-2018-20852, CVE-2020-27619

2021-10-05 14:07:59

Fix of CVE: CVE-2018-20852, CVE-2020-8492, CVE-2020-26116, CVE-2020-27619

2021-09-23 12:55:16

mageia

Updated python and python3 packages fix security vulnerabilities

2020-12-08 13:40:32

archlinux

[ASA-202103-27] python2: multiple issues

2021-03-25 00:00:00

rosalinux

Advisory ROSA-SA-2023-2203

2023-08-01 12:58:39

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

69.5%

JSON

Related for RH:CVE-2020-26116