{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-11T19:05:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://twistedmatrix.com/trac/ticket/8623"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1000111", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"name": "https://www.openwall.com/lists/oss-security/2016/07/18/6", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"name": "https://twistedmatrix.com/trac/ticket/8623", "refsource": "CONFIRM", "url": "https://twistedmatrix.com/trac/ticket/8623"}, {"name": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html", "refsource": "CONFIRM", "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:55:26.416Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://twistedmatrix.com/trac/ticket/8623"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1000111", "datePublished": "2020-03-11T19:05:31", "dateReserved": "2016-07-18T00:00:00", "dateUpdated": "2024-08-06T03:55:26.416Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FBB6152-73B6-47DF-A9E3-D53B998E875C", "versionEndExcluding": "16.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue."}, {"lang": "es", "value": "Twisted versiones anteriores a la versi\u00f3n 16.3.1, no intenta abordar los conflictos de espacio de nombres RFC 3875 secci\u00f3n 4.1.18 y, por lo tanto, no protege las aplicaciones CGI de la presencia de datos de clientes no seguros en la variable de entorno HTTP_PROXY, lo que podr\u00eda permitir a atacantes remotos redireccionar un tr\u00e1fico HTTP saliente de una aplicaci\u00f3n CGI hacia un servidor proxy arbitrario por medio de un encabezado Proxy especialmente dise\u00f1ado en una  petici\u00f3n HTTP, tambi\u00e9n se conoce como un problema \"httpoxy\"."}], "id": "CVE-2016-1000111", "lastModified": "2024-11-25T18:12:24.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-11T20:15:11.960", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://twistedmatrix.com/trac/ticket/8623"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://twistedmatrix.com/trac/ticket/8623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2016/07/18/6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-425"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2016:1978", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "python-twisted-web-0:8.2.0-5.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-09-29T00:00:00Z"}, {"advisory": "RHSA-2016:1978", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python-twisted-web-0:12.1.0-5.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-09-29T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "candlepin-0:0.9.54.26-1.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "foreman-0:1.11.0.86-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "foreman-installer-1:1.11.0.18-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "katello-0:3.0.0-33.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "katello-installer-base-0:3.0.0.101-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "pulp-0:2.8.7.18-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "pulp-puppet-0:2.8.7.2-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "qpid-dispatch-0:0.4-27.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "qpid-proton-0:0.9-21.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "rubygem-smart_proxy_openscap-0:0.5.3.9-2.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "satellite-0:6.2.14-4.0.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.47.2-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.1::el6", "package": "tfm-rubygem-katello-0:3.0.0.162-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "candlepin-0:0.9.54.26-1.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "foreman-0:1.11.0.86-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "foreman-installer-1:1.11.0.18-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "katello-0:3.0.0-33.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "katello-installer-base-0:3.0.0.101-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "pulp-0:2.8.7.18-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "pulp-puppet-0:2.8.7.2-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "qpid-dispatch-0:0.4-27.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "qpid-proton-0:0.9-21.el6", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "rubygem-smart_proxy_openscap-0:0.5.3.9-2.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "satellite-0:6.2.14-4.0.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.47.2-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.1::el6", "package": "tfm-rubygem-katello-0:3.0.0.162-1.el6sat", "product_name": "Red Hat Satellite 6.2 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "candlepin-0:0.9.54.26-1.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "foreman-0:1.11.0.86-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "foreman-installer-1:1.11.0.18-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "katello-0:3.0.0-33.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "katello-installer-base-0:3.0.0.101-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "pulp-0:2.8.7.18-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "pulp-puppet-0:2.8.7.2-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "python-twisted-web-0:12.1.0-5.el7_2", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "qpid-dispatch-0:0.4-27.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "qpid-proton-0:0.9-21.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "rubygem-smart_proxy_openscap-0:0.5.3.9-2.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "satellite-0:6.2.14-4.0.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.47.2-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite:6.2::el7", "package": "tfm-rubygem-katello-0:3.0.0.162-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "candlepin-0:0.9.54.26-1.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "foreman-0:1.11.0.86-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "foreman-installer-1:1.11.0.18-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "katello-0:3.0.0-33.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "katello-installer-base-0:3.0.0.101-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "pulp-0:2.8.7.18-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "pulp-puppet-0:2.8.7.2-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "python-twisted-web-0:12.1.0-5.el7_2", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "qpid-dispatch-0:0.4-27.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "qpid-proton-0:0.9-21.el7", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "rubygem-smart_proxy_openscap-0:0.5.3.9-2.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "satellite-0:6.2.14-4.0.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-foreman_theme_satellite-0:0.1.47.2-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0273", "cpe": "cpe:/a:redhat:satellite_capsule:6.2::el7", "package": "tfm-rubygem-katello-0:3.0.0.162-1.el7sat", "product_name": "Red Hat Satellite 6.2 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}], "bugzilla": {"description": "Twisted: sets environmental variable based on user supplied Proxy request header", "id": "1357345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1357345"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.", "It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."], "name": "CVE-2016-1000111", "public_date": "2016-07-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1000111\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000111"], "statement": "This issue affects the versions of python-twisted as shipped with Red Hat Satellite 6.x. However due to the manner in which python-twisted is used exploitation of this issue by an attacker would require significant access to the server, or be able to modify requests from other users via additional vulnerabilities. A future update may address this issue.", "threat_severity": "Important"}