[issue11671] Potential misuse of wsgiref.headers.Headers
Felix Gröbert
report at bugs.python.org
Fri Mar 25 13:14:58 CET 2011
New submission from Felix Gröbert <groebert at google.com>:
As noted by security at python.org's response I'm filing this bug here.
In wsgiref.headers.Headers it is possible to include headers which
contain a newline (i.e. \n or \r) either through add_header or
__init__. It is not uncommon that developers provide web applications
to the public in which the HTTP response headers are not filtered for
newlines but are controlled by the user. In such scenarios a malicious
user can use a newline to inject another header or even initiate a
HTTP response body. The impact would be at least equivalent to XSS.
Therefore, I suggest to filter/warn/except header tuples which contain
the above characters upon assignment in wsgiref.headers.
----------
components: Library (Lib)
messages: 132080
nosy: Felix.Gröbert
priority: normal
severity: normal
status: open
title: Potential misuse of wsgiref.headers.Headers
type: security
versions: Python 3.3
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11671>
_______________________________________
More information about the Python-bugs-list
mailing list