25 matches found
Design/Logic Flaw
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect"233\r\nSet-Cookie: name=salt" call...
PYSEC-2016-24
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect"233\r\nSet-Cookie: name=salt" call...
CVE-2016-9964
The CVE corresponds to a CRLF injection in bottle.py (bottle 0.12.10) where redirect() does not filter a "\r\n" sequence, enabling HTTP header injection. Public disclosures across multiple feeds confirm the issue is caused by improper handling of redirections, with clear remediation guidance to u...
CVE-2016-9964
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect"233\r\nSet-Cookie: name=salt" call...
CVE-2016-9964
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect"233\r\nSet-Cookie: name=salt" call...