Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2020-0227 | Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. |
![]() |
GHSA-3gqj-cmxr-p4x2 | Forced Browsing in Twisted |
![]() |
USN-3585-1 | Twisted vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 25 Nov 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Twisted
Twisted twisted |
|
CPEs | cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:* | |
Vendors & Products |
Twistedmatrix
Twistedmatrix twisted |
Twisted
Twisted twisted |

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T03:55:26.416Z
Reserved: 2016-07-18T00:00:00
Link: CVE-2016-1000111

No data.

Status : Modified
Published: 2020-03-11T20:15:11.960
Modified: 2024-11-25T18:12:24.673
Link: CVE-2016-1000111


No data.