6 matches found
EUVD-2016-0002
Malware in sbrugna...
bottle.py vulnerable to CRLF Injection
bottle.py is a fast and simple micro-framework for Python web-applications. redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
Intel® Quartus® Prime Pro
Summary: Intel® Quartus® Prime Pro before version 18.0.1 ships with an open source component, bottle.py, which is disabled by default. If bottle.py is enabled the system is potentially vulnerable to CVE-2016-9964. Description: For details on the CVE-2016-9964 please see:...
CVE-2016-9964
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
CVE-2016-9964
redirect in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
CVE-2016-9964
The CVE corresponds to a CRLF injection in bottle.py (bottle 0.12.10) where redirect() does not filter a "\r\n" sequence, enabling HTTP header injection. Public disclosures across multiple feeds confirm the issue is caused by improper handling of redirections, with clear remediation guidance to u...