CVE-2016-9015

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
pythonurllib3
1.17
pythonurllib3
1.18
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-urllib3
bookworm
1.26.12-1
fixed
bullseye
1.26.5-1~exp1
fixed
sid
2.0.7-2
fixed
trixie
2.0.7-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-urllib3
precise
dne
trusty
not-affected
xenial
not-affected
yakkety
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
aws-cli-py36
suse enterprise server 12 SP3
1.19.9-6.3.15
fixed
libpython3_6m1_0
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python-PyJWT
suse enterprise sap 12
1.4.2-3.10.27
fixed
suse enterprise sap 12 SP3
1.4.2-3.10.27
fixed
suse enterprise sap 12 SP4
1.4.2-3.10.27
fixed
suse enterprise sap 12 SP5
1.4.2-3.10.27
fixed
suse enterprise server 12
1.4.2-3.10.27
fixed
suse enterprise server 12 SP3
1.4.2-3.10.27
fixed
suse enterprise server 12 SP4
1.4.2-3.10.27
fixed
suse enterprise server 12 SP5
1.4.2-3.10.27
fixed
python-cliff
suse enterprise sap 12
1.14.0-11.3.2
fixed
suse enterprise sap 12 SP3
1.14.0-11.3.2
fixed
suse enterprise sap 12 SP4
1.14.0-11.3.2
fixed
suse enterprise sap 12 SP5
1.14.0-11.3.2
fixed
suse enterprise server 12
1.14.0-11.3.2
fixed
suse enterprise server 12 SP3
1.14.0-11.3.2
fixed
suse enterprise server 12 SP4
1.14.0-11.3.2
fixed
suse enterprise server 12 SP5
1.14.0-11.3.2
fixed
python-mock
suse enterprise sap 12
2.0.0-3.7.25
fixed
suse enterprise sap 12 SP3
2.0.0-3.7.25
fixed
suse enterprise sap 12 SP4
2.0.0-3.7.25
fixed
suse enterprise sap 12 SP5
2.0.0-3.7.25
fixed
suse enterprise server 12
2.0.0-3.7.25
fixed
suse enterprise server 12 SP3
2.0.0-3.7.25
fixed
suse enterprise server 12 SP4
2.0.0-3.7.25
fixed
suse enterprise server 12 SP5
2.0.0-3.7.25
fixed
python-oauthlib
suse enterprise sap 12
0.7.2-3.9.20
fixed
suse enterprise sap 12 SP3
0.7.2-3.9.20
fixed
suse enterprise sap 12 SP4
0.7.2-3.9.20
fixed
suse enterprise sap 12 SP5
0.7.2-3.9.20
fixed
suse enterprise server 12
0.7.2-3.9.20
fixed
suse enterprise server 12 SP3
0.7.2-3.9.20
fixed
suse enterprise server 12 SP4
0.7.2-3.9.20
fixed
suse enterprise server 12 SP5
0.7.2-3.9.20
fixed
python-pbr
suse enterprise sap 12
3.1.1-3.5.2
fixed
suse enterprise sap 12 SP3
3.1.1-3.5.2
fixed
suse enterprise sap 12 SP4
3.1.1-3.5.2
fixed
suse enterprise sap 12 SP5
3.1.1-3.5.2
fixed
suse enterprise server 12
3.1.1-3.5.2
fixed
suse enterprise server 12 SP3
3.1.1-3.5.2
fixed
suse enterprise server 12 SP4
3.1.1-3.5.2
fixed
suse enterprise server 12 SP5
3.1.1-3.5.2
fixed
python-rsa
suse enterprise sap 12
3.1.4-12.9.17
fixed
suse enterprise sap 12 SP3
3.1.4-12.9.17
fixed
suse enterprise sap 12 SP4
3.1.4-12.9.17
fixed
suse enterprise sap 12 SP5
3.1.4-12.9.17
fixed
suse enterprise server 12
3.1.4-12.9.17
fixed
suse enterprise server 12 SP3
3.1.4-12.9.17
fixed
suse enterprise server 12 SP4
3.1.4-12.9.17
fixed
suse enterprise server 12 SP5
3.1.4-12.9.17
fixed
python-setuptools
suse enterprise sap 12
40.6.2-4.12.23
fixed
suse enterprise sap 12 SP3
40.6.2-4.12.23
fixed
suse enterprise sap 12 SP4
40.6.2-4.12.23
fixed
suse enterprise sap 12 SP5
40.6.2-4.12.23
fixed
suse enterprise server 12
40.6.2-4.12.23
fixed
suse enterprise server 12 SP3
40.6.2-4.12.23
fixed
suse enterprise server 12 SP4
40.6.2-4.12.23
fixed
suse enterprise server 12 SP5
40.6.2-4.12.23
fixed
python-stevedore
suse enterprise sap 12
1.8.0-16.2.1
fixed
suse enterprise sap 12 SP3
1.8.0-16.2.1
fixed
suse enterprise sap 12 SP4
1.8.0-16.2.1
fixed
suse enterprise sap 12 SP5
1.8.0-16.2.1
fixed
suse enterprise server 12
1.8.0-16.2.1
fixed
suse enterprise server 12 SP3
1.8.0-16.2.1
fixed
suse enterprise server 12 SP4
1.8.0-16.2.1
fixed
suse enterprise server 12 SP5
1.8.0-16.2.1
fixed
python-urllib3
suse enterprise sap 12
1.22-3.10.1
fixed
suse enterprise sap 12 SP3
1.22-3.10.1
fixed
suse enterprise sap 12 SP4
1.22-3.10.1
fixed
suse enterprise sap 12 SP5
1.22-3.10.1
fixed
suse enterprise server 12
1.22-3.10.1
fixed
suse enterprise server 12 SP3
1.22-3.10.1
fixed
suse enterprise server 12 SP4
1.22-3.10.1
fixed
suse enterprise server 12 SP5
1.22-3.10.1
fixed
python2-urllib3
suse enterprise desktop 15
1.22-4.26
fixed
suse enterprise sap 15
1.22-4.26
fixed
suse enterprise server 15
1.22-4.26
fixed
python3-PyJWT
suse enterprise sap 12
1.4.2-3.10.27
fixed
suse enterprise sap 12 SP3
1.4.2-3.10.27
fixed
suse enterprise sap 12 SP4
1.4.2-3.10.27
fixed
suse enterprise sap 12 SP5
1.4.2-3.10.27
fixed
suse enterprise server 12
1.4.2-3.10.27
fixed
suse enterprise server 12 SP3
1.4.2-3.10.27
fixed
suse enterprise server 12 SP4
1.4.2-3.10.27
fixed
suse enterprise server 12 SP5
1.4.2-3.10.27
fixed
python3-mock
suse enterprise sap 12
2.0.0-3.7.25
fixed
suse enterprise sap 12 SP3
2.0.0-3.7.25
fixed
suse enterprise sap 12 SP4
2.0.0-3.7.25
fixed
suse enterprise sap 12 SP5
2.0.0-3.7.25
fixed
suse enterprise server 12
2.0.0-3.7.25
fixed
suse enterprise server 12 SP3
2.0.0-3.7.25
fixed
suse enterprise server 12 SP4
2.0.0-3.7.25
fixed
suse enterprise server 12 SP5
2.0.0-3.7.25
fixed
python3-oauthlib
suse enterprise sap 12
0.7.2-3.9.20
fixed
suse enterprise sap 12 SP3
0.7.2-3.9.20
fixed
suse enterprise sap 12 SP4
0.7.2-3.9.20
fixed
suse enterprise sap 12 SP5
0.7.2-3.9.20
fixed
suse enterprise server 12
0.7.2-3.9.20
fixed
suse enterprise server 12 SP3
0.7.2-3.9.20
fixed
suse enterprise server 12 SP4
0.7.2-3.9.20
fixed
suse enterprise server 12 SP5
0.7.2-3.9.20
fixed
python3-pbr
suse enterprise sap 12
3.1.1-3.5.2
fixed
suse enterprise sap 12 SP3
3.1.1-3.5.2
fixed
suse enterprise sap 12 SP4
3.1.1-3.5.2
fixed
suse enterprise sap 12 SP5
3.1.1-3.5.2
fixed
suse enterprise server 12
3.1.1-3.5.2
fixed
suse enterprise server 12 SP3
3.1.1-3.5.2
fixed
suse enterprise server 12 SP4
3.1.1-3.5.2
fixed
suse enterprise server 12 SP5
3.1.1-3.5.2
fixed
python3-setuptools
suse enterprise sap 12
40.6.2-4.12.23
fixed
suse enterprise sap 12 SP3
40.6.2-4.12.23
fixed
suse enterprise sap 12 SP4
40.6.2-4.12.23
fixed
suse enterprise sap 12 SP5
40.6.2-4.12.23
fixed
suse enterprise server 12
40.6.2-4.12.23
fixed
suse enterprise server 12 SP3
40.6.2-4.12.23
fixed
suse enterprise server 12 SP4
40.6.2-4.12.23
fixed
suse enterprise server 12 SP5
40.6.2-4.12.23
fixed
python3-urllib3
suse enterprise desktop 15
1.22-4.26
fixed
suse enterprise sap 12
1.22-3.10.1
fixed
suse enterprise sap 12 SP3
1.22-3.10.1
fixed
suse enterprise sap 12 SP4
1.22-3.10.1
fixed
suse enterprise sap 12 SP5
1.22-3.10.1
fixed
suse enterprise sap 15
1.22-4.26
fixed
suse enterprise server 12
1.22-3.10.1
fixed
suse enterprise server 12 SP3
1.22-3.10.1
fixed
suse enterprise server 12 SP4
1.22-3.10.1
fixed
suse enterprise server 12 SP5
1.22-3.10.1
fixed
suse enterprise server 15
1.22-4.26
fixed
python311-urllib3
suse enterprise desktop 15 SP6
2.0.7-150400.7.11.1
fixed
suse enterprise sap 15 SP6
2.0.7-150400.7.11.1
fixed
suse enterprise server 15 SP6
2.0.7-150400.7.11.1
fixed
python311-urllib3_1
suse enterprise desktop 15 SP6
1.26.18-150600.1.4
fixed
suse enterprise sap 15 SP6
1.26.18-150600.1.4
fixed
suse enterprise server 15 SP6
1.26.18-150600.1.4
fixed
python36
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-PyYAML
suse enterprise server 12 SP3
5.3.1-6.5.12
fixed
python36-appdirs
suse enterprise server 12 SP3
1.4.3-6.3.8
fixed
python36-asn1crypto
suse enterprise server 12 SP3
0.24.0-6.3.16
fixed
python36-base
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python36-boto3
suse enterprise server 12 SP3
1.17.9-6.3.11
fixed
python36-botocore
suse enterprise server 12 SP3
1.20.9-6.3.11
fixed
python36-certifi
suse enterprise server 12 SP3
2018.1.18-6.3.15
fixed
python36-cffi
suse enterprise server 12 SP3
1.11.5-6.3.18
fixed
python36-chardet
suse enterprise server 12 SP3
3.0.4-6.3.15
fixed
python36-colorama
suse enterprise server 12 SP3
0.4.4-6.3.15
fixed
python36-cryptography
suse enterprise server 12 SP3
2.8-6.3.17
fixed
python36-curses
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-dbm
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-devel
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python36-docutils
suse enterprise server 12 SP3
0.14-6.3.8
fixed
python36-idle
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-idna
suse enterprise server 12 SP3
2.6-6.5.15
fixed
python36-jmespath
suse enterprise server 12 SP3
0.9.3-6.3.14
fixed
python36-packaging
suse enterprise server 12 SP3
17.1-6.6.8
fixed
python36-ply
suse enterprise server 12 SP3
3.10-6.3.8
fixed
python36-ply-doc
suse enterprise server 12 SP3
3.10-6.3.8
fixed
python36-py
suse enterprise server 12 SP3
1.8.1-6.3.15
fixed
python36-pyOpenSSL
suse enterprise server 12 SP3
17.1.0-6.3.16
fixed
python36-pyasn1
suse enterprise server 12 SP3
0.1.9-6.3.18
fixed
python36-pycparser
suse enterprise server 12 SP3
2.10-6.3.9
fixed
python36-pyparsing
suse enterprise server 12 SP3
2.4.7-6.3.9
fixed
python36-pyparsing-doc
suse enterprise server 12 SP3
2.4.7-6.3.9
fixed
python36-python-dateutil
suse enterprise server 12 SP3
2.7.3-6.3.13
fixed
python36-requests
suse enterprise server 12 SP3
2.24.0-6.3.15
fixed
python36-rsa
suse enterprise server 12 SP3
3.4.2-6.3.15
fixed
python36-s3transfer
suse enterprise server 12 SP3
0.3.3-6.3.11
fixed
python36-setuptools
suse enterprise server 12 SP3
44.1.1-9.11.1
fixed
python36-setuptools-test
suse enterprise server 12 SP3
44.1.1-6.7.4
fixed
python36-setuptools-wheel
suse enterprise server 12 SP3
44.1.1-6.7.3
fixed
python36-simplejson
suse enterprise server 12 SP3
3.8.2-6.3.16
fixed
python36-six
suse enterprise server 12 SP3
1.14.0-6.7.3
fixed
python36-six-doc
suse enterprise server 12 SP3
1.14.0-6.7.6
fixed
python36-testsuite
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python36-tk
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-tools
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python36-urllib3
suse enterprise server 12 SP3
1.25.10-6.3.13
fixed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2016/10/27/6
http://www.securityfocus.com/bid/93941
http://www.openwall.com/lists/oss-security/2016/10/27/6
http://www.securityfocus.com/bid/93941