What is CVE-2016-9015?

CVE-2016-9015 is a low-severity vulnerability in Python Urllib3, classified under Improper Certificate Validation. CVSS score: 3.7/10. Published 2017-01-11.

How severe is CVE-2016-9015?

Low severity. CVSS v3 base score is 3.7 out of 10.

Is CVE-2016-9015 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Python Urllib3

CVE-2016-9015

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk…

Vulnerability class: Improper Certificate Validation

EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Python Urllib3 — versions 1.17, 1.18
N/a — versions n/a

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

Public proof-of-concept exploits

References

93941 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
[oss-security] 20161027 CVE-2016-9015: Python urllib3 1.17 and 1.18 certificate verification failure (mailing-list, x_refsource_MLIST, Mailing List, Mitigation)

Frequently asked questions

What is CVE-2016-9015?: CVE-2016-9015 is a low-severity vulnerability in Python Urllib3, classified under Improper Certificate Validation. CVSS score: 3.7/10. Published 2017-01-11.
How severe is CVE-2016-9015?: Low severity. CVSS v3 base score is 3.7 out of 10.
Is CVE-2016-9015 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.