17 matches found
SUSE CVE-2016-9964
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
metadoc (>=0.9.1 <=0.10.5), sphinxmark (>=0.1.15 <=0.1.16) potentially affected by CVE-2016-9964 via bottle (=0.12.10)
bottle PYPI version =0.12.10 is affected by a known vulnerability. The following packages have a transitive dependency on bottle and may be impacted: - metadoc =0.9.1, =0.1.15, =0.1.16 Source cves: CVE-2016-9964 Source advisory: OSV:GHSA-J6F7-HGHW-G437...
Intel® Quartus® Prime Pro
Summary: Intel® Quartus® Prime Pro before version 18.0.1 ships with an open source component, bottle.py, which is disabled by default. If bottle.py is enabled the system is potentially vulnerable to CVE-2016-9964. Description: For details on the CVE-2016-9964 please see:...
Fedora 26 : python-bottle (2018-909707fc68)
Update to 0.12.13. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora Update for python-bottle FEDORA-2018-6cb474b8ff
The remote host is missing an update for the...
Updated python-bottle packages fix security vulnerability
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. CVE-2016-9964...
Debian DSA-3743-1 : python-bottle - security update
It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter '\r\n' sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.
[SECURITY] [DSA 3743-1] python-bottle security update
Debian Security Advisory DSA-3743-1, https://www.debian.org/security/, Sebastien Delafond, December 20, 2016, https://www.debian.org/security/faq ...
[SECURITY] [DSA 3743-1] python-bottle security update
Debian Security Advisory DSA-3743-1, https://www.debian.org/security/, Sebastien Delafond, December 20, 2016, https://www.debian.org/security/faq ...
Debian: Security Advisory (DSA-3743-1)
The remote host is missing an update for the Debian...
CVE-2016-9964
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
metadoc (>=0.9.1 <=0.10.5), sphinxmark (>=0.1.15 <=0.1.16) potentially affected by CVE-2016-9964 via bottle (=0.12.10)
bottle PYPI version =0.12.10 is affected by a known vulnerability. The following packages have a transitive dependency on bottle and may be impacted: - metadoc =0.9.1, =0.1.15, =0.1.16 Source cves: CVE-2016-9964 Source advisory: OSV:PYSEC-2016-24...
CVE-2016-9964
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
CVE-2016-9964
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
CVE-2016-9964
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
CVE-2016-9964
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call...
CVE-2016-9964
The CVE corresponds to a CRLF injection in bottle.py (bottle 0.12.10) where redirect() does not filter a "\r\n" sequence, enabling HTTP header injection. Public disclosures across multiple feeds confirm the issue is caused by improper handling of redirections, with clear remediation guidance to u...