DEBIAN-CVE-2016-5699

DEBIAN-CVE-2016-5699 PUBLISHED CVSS 6.099999904632568 MEDIUM

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

Risk Scores

CVSS v3.0

6.099999904632568

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:11	python2.7	0, 0, 0

Timeline

Sep 2, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-5699 advisory

Open in Interactive Console →