CVE - CVE-2019-10160

CVE-ID
CVE-2019-10160	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:FEDORA-2019-2b1f72899a URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/ MISC:FEDORA-2019-50772cf122 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/ MISC:FEDORA-2019-57462fa10d URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/ MISC:FEDORA-2019-5dc275c9f2 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/ MISC:FEDORA-2019-60a1defcd1 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/ MISC:FEDORA-2019-7723d4774a URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/ MISC:FEDORA-2019-7df59302e0 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/ MISC:FEDORA-2019-9bfb4a3e4b URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/ MISC:FEDORA-2019-b06ec6159b URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/ MISC:FEDORA-2019-d202cda4f8 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/ MISC:RHSA-2019:1587 URL:https://access.redhat.com/errata/RHSA-2019:1587 MISC:RHSA-2019:1700 URL:https://access.redhat.com/errata/RHSA-2019:1700 MISC:RHSA-2019:2437 URL:https://access.redhat.com/errata/RHSA-2019:2437 MISC:USN-4127-1 URL:https://usn.ubuntu.com/4127-1/ MISC:USN-4127-2 URL:https://usn.ubuntu.com/4127-2/ MISC:[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image URL:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E MISC:[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html MISC:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html MISC:[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update URL:https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160 URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160 MISC:https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09 URL:https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09 MISC:https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e URL:https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e MISC:https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de URL:https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de MISC:https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468 URL:https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468 MISC:https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html URL:https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html MISC:https://security.netapp.com/advisory/ntap-20190617-0003/ URL:https://security.netapp.com/advisory/ntap-20190617-0003/ MISC:openSUSE-SU-2019:1906 URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html MISC:openSUSE-SU-2020:0086 URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20190327	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190327)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)