5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2016-1000111

GHSA ID

GHSA-3gqj-cmxr-p4x2

EPSS Score

0.68051%

CWE

CWE-425

Published

4/30/2021

Updated

11/18/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-1000111

CVE-2016-1000111: Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an httpoxy issue.

(GitHub Advisory)

5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2016-1000111

GHSA ID

GHSA-3gqj-cmxr-p4x2

EPSS Score

0.68051%

CWE

CWE-425

Published

4/30/2021

Updated

11/18/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
twisted	pip	< 16.3.1	16.3.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from how Twisted's CGI handler processes HTTP headers into environment variables. RFC 3875 section 4.1.18 requires headers to be prefixed with 'HTTP_', but 'Proxy' is a special case that conflicts with the HTTP_PROXY environment variable. The init method of CGIProcess in twcgi.py was responsible for populating the CGI environment without filtering the Proxy header, allowing untrusted client data to set HTTP_PROXY. The fix in 16.3.1 likely added filtering for this header, as seen in similar httpoxy patches across other frameworks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Twist** ***or* **.*.* *o*s not *tt*mpt to ***r*ss R** **** s**tion *.*.** n*m*sp*** *on*li*ts *n* t**r**or* *o*s not prot**t **I *ppli**tions *rom t** pr*s*n** o* untrust** *li*nt **t* in t** `*TTP_PROXY` *nvironm*nt v*ri**l*, w*i** mi**t *llow r*mot

Reasoning

T** vuln*r**ility st*ms *rom *ow Twist**'s **I **n*l*r pro**ss*s *TTP *****rs into *nvironm*nt v*ri**l*s. R** **** s**tion *.*.** r*quir*s *****rs to ** pr**ix** wit* '*TTP_', *ut 'Proxy' is * sp**i*l **s* t**t *on*li*ts wit* t** *TTP_PROXY *nvironm*

5.3

Basic Information

Concerned about an active attack path?

CVE-2016-1000111: Forced Browsing in Twisted

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI