[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-9636Date: (C)2019-06-21   (M)2024-03-26


Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
BID-107400
FEDORA-2019-1ffd6b6064
FEDORA-2019-243442e600
FEDORA-2019-2b1f72899a
FEDORA-2019-51f1e08207
FEDORA-2019-57462fa10d
FEDORA-2019-5dc275c9f2
FEDORA-2019-60a1defcd1
FEDORA-2019-6b02154aa0
FEDORA-2019-6baeb15da3
FEDORA-2019-6e1938a3c5
FEDORA-2019-7723d4774a
FEDORA-2019-7d9f3cf3ce
FEDORA-2019-7df59302e0
FEDORA-2019-86f32cbab1
FEDORA-2019-9bfb4a3e4b
FEDORA-2019-a122fe704d
FEDORA-2019-b06ec6159b
FEDORA-2019-cf725dd20b
FEDORA-2019-d202cda4f8
FEDORA-2019-ec26883852
GLSA-202003-26
N/A
RHBA-2019:0763
RHBA-2019:0764
RHBA-2019:0959
RHSA-2019:0710
RHSA-2019:0765
RHSA-2019:0806
RHSA-2019:0902
RHSA-2019:0981
RHSA-2019:0997
RHSA-2019:1467
RHSA-2019:2980
RHSA-2019:3170
USN-4127-1
USN-4127-2
https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html
https://bugs.python.org/issue36216
https://github.com/python/cpython/pull/12201
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
https://security.netapp.com/advisory/ntap-20190517-0001/
https://www.oracle.com/security-alerts/cpujan2020.html
openSUSE-SU-2019:1273
openSUSE-SU-2019:1282
openSUSE-SU-2019:1371
openSUSE-SU-2019:1580
openSUSE-SU-2019:1906
openSUSE-SU-2020:0086

CPE    8
cpe:/o:debian:debian_linux:9.0
cpe:/o:redhat:enterprise_linux_server:6.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
...
OVAL    53
oval:org.secpod.oval:def:505089
oval:org.secpod.oval:def:89003221
oval:org.secpod.oval:def:504797
oval:org.secpod.oval:def:89003257
...

© SecPod Technologies