Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI applications outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an httpoxy issue.
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Twisted | Twisted | * | 16.3.1 (excluding) |
| Red Hat Enterprise Linux 6 | RedHat | python-twisted-web-0:8.2.0-5.el6_8 | * |
| Red Hat Enterprise Linux 7 | RedHat | python-twisted-web-0:12.1.0-5.el7_2 | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | candlepin-0:0.9.54.26-1.el6 | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | foreman-0:1.11.0.86-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | foreman-installer-1:1.11.0.18-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | katello-0:3.0.0-33.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | katello-installer-base-0:3.0.0.101-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | pulp-0:2.8.7.18-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | pulp-puppet-0:2.8.7.2-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | qpid-dispatch-0:0.4-27.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | qpid-proton-0:0.9-21.el6 | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | rubygem-smart_proxy_openscap-0:0.5.3.9-2.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | satellite-0:6.2.14-4.0.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | tfm-rubygem-foreman_theme_satellite-0:0.1.47.2-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | tfm-rubygem-katello-0:3.0.0.162-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | candlepin-0:0.9.54.26-1.el6 | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | foreman-0:1.11.0.86-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | foreman-installer-1:1.11.0.18-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | katello-0:3.0.0-33.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | katello-installer-base-0:3.0.0.101-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | pulp-0:2.8.7.18-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | pulp-puppet-0:2.8.7.2-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | qpid-dispatch-0:0.4-27.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | qpid-proton-0:0.9-21.el6 | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | rubygem-smart_proxy_openscap-0:0.5.3.9-2.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | satellite-0:6.2.14-4.0.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | tfm-rubygem-foreman_theme_satellite-0:0.1.47.2-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 6 | RedHat | tfm-rubygem-katello-0:3.0.0.162-1.el6sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | candlepin-0:0.9.54.26-1.el7 | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | foreman-0:1.11.0.86-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | foreman-installer-1:1.11.0.18-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | katello-0:3.0.0-33.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | katello-installer-base-0:3.0.0.101-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | pulp-0:2.8.7.18-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | pulp-puppet-0:2.8.7.2-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | python-twisted-web-0:12.1.0-5.el7_2 | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | qpid-dispatch-0:0.4-27.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | qpid-proton-0:0.9-21.el7 | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | rubygem-smart_proxy_openscap-0:0.5.3.9-2.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | satellite-0:6.2.14-4.0.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | tfm-rubygem-foreman_theme_satellite-0:0.1.47.2-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | tfm-rubygem-katello-0:3.0.0.162-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | candlepin-0:0.9.54.26-1.el7 | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | foreman-0:1.11.0.86-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | foreman-installer-1:1.11.0.18-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | katello-0:3.0.0-33.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | katello-installer-base-0:3.0.0.101-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | pulp-0:2.8.7.18-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | pulp-puppet-0:2.8.7.2-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | python-twisted-web-0:12.1.0-5.el7_2 | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | qpid-dispatch-0:0.4-27.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | qpid-proton-0:0.9-21.el7 | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | rubygem-smart_proxy_openscap-0:0.5.3.9-2.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | satellite-0:6.2.14-4.0.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | tfm-rubygem-foreman_theme_satellite-0:0.1.47.2-1.el7sat | * |
| Red Hat Satellite 6.2 for RHEL 7 | RedHat | tfm-rubygem-katello-0:3.0.0.162-1.el7sat | * |
| Twisted | Ubuntu | precise | * |
| Twisted | Ubuntu | trusty | * |
| Twisted | Ubuntu | upstream | * |
| Twisted | Ubuntu | wily | * |
| Twisted | Ubuntu | xenial | * |
| Twisted | Ubuntu | yakkety | * |
| Twisted | Ubuntu | zesty | * |
| Twisted-py3 | Ubuntu | trusty | * |
| Twisted-py3 | Ubuntu | upstream | * |
| Twisted-py3 | Ubuntu | wily | * |