Vulnerability details: VCID-yudp-r3b4-aaas
Vulnerability ID VCID-yudp-r3b4-aaas
Aliases CVE-2016-1000110
Summary The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000110.html
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1626
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1627
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1628
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1629
rhas Moderate https://access.redhat.com/errata/RHSA-2016:1630
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000110.json
epss 0.04253 https://api.first.org/data/v1/epss?cve=CVE-2016-1000110
epss 0.08568 https://api.first.org/data/v1/epss?cve=CVE-2016-1000110
epss 0.09035 https://api.first.org/data/v1/epss?cve=CVE-2016-1000110
epss 0.12501 https://api.first.org/data/v1/epss?cve=CVE-2016-1000110
epss 0.15845 https://api.first.org/data/v1/epss?cve=CVE-2016-1000110
epss 0.16615 https://api.first.org/data/v1/epss?cve=CVE-2016-1000110
epss 0.22606 https://api.first.org/data/v1/epss?cve=CVE-2016-1000110
generic_textual Medium https://bugs.python.org/issue27568
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1357334
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000110
cvssv2 5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2016-1000110
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-1000110
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-1000110
generic_textual Medium https://ubuntu.com/security/notices/USN-3134-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-3134-1
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1000110.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000110.json
https://api.first.org/data/v1/epss?cve=CVE-2016-1000110
https://bugs.python.org/issue27568
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000110
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/
https://security-tracker.debian.org/tracker/CVE-2016-1000110
https://ubuntu.com/security/notices/USN-3134-1
https://usn.ubuntu.com/usn/usn-3134-1
1357334 https://bugzilla.redhat.com/show_bug.cgi?id=1357334
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
CVE-2016-1000110 https://nvd.nist.gov/vuln/detail/CVE-2016-1000110
RHSA-2016:1626 https://access.redhat.com/errata/RHSA-2016:1626
RHSA-2016:1627 https://access.redhat.com/errata/RHSA-2016:1627
RHSA-2016:1628 https://access.redhat.com/errata/RHSA-2016:1628
RHSA-2016:1629 https://access.redhat.com/errata/RHSA-2016:1629
RHSA-2016:1630 https://access.redhat.com/errata/RHSA-2016:1630
USN-3134-1 https://usn.ubuntu.com/3134-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000110.json
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1000110
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-1000110
Exploit Prediction Scoring System (EPSS)
Percentile 0.87758
EPSS Score 0.04253
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.