159 matches found
CVE-2021-21240
An uncontrolled resource consumption flaw as found in python-httplib2, due to a flawed regular expression used while parsing the WWW-Authenticate header in an HTTP response. This flaw allows a malicious or compromised server to reply with a crafted sequence of characters in the WWW-Authenticate...
DEBIAN-CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
Code injection
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
PYSEC-2021-16
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
PYSEC-2021-16
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
UBUNTU-CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
CVE-2021-21240 Regular Expression Denial of Service in httplib2
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
CVE-2021-21240
CVE-2021-21240 affects httplib2 prior to 0.19.0. A malicious server can send a WWW-Authenticate header containing a long sequence of non-breaking spaces (\xa0), causing a Denial of Service by CPU-intensive header parsing. The root cause is in how httplib2 parses auth headers; a fix was implemente...
CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
CVE-2021-21240
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...
GHSA-93XJ-8MRV-444M Regular Expression Denial of Service (REDoS) in httplib2
Impact A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said server. Patches Version 0.19.0 contains new implementation of auth headers parsing, using...
Regular Expression Denial of Service (REDoS) in httplib2
Impact A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said server. Patches Version 0.19.0 contains new implementation of auth headers parsing, using...
httplib2 Resource Management Error Vulnerability
httplib2 is an HTTP client library. A security vulnerability in httplib2 versions prior to 0.19.0, which stems from a response to the long string of xa0 characters in the www-authenticate header, could cause a denial of service when an httplib2 client accesses the server...
CentOS 8 : resource-agents (CESA-2020:4605)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4605 advisory. - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function CVE-2020-11078 Note that Nessus has not...
Virtuozzo 7 : fence-agents-aliyun / fence-agents-all / etc (VZLSA-2020-5003)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5003 advisory. - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function CVE-2020-11078 Note that Nessus...
Virtuozzo 7 : resource-agents / resource-agents-aliyun / etc (VZLSA-2020-5004)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5004 advisory. - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function CVE-2020-11078 Note that Nessus...
Oracle Linux 8 : resource-agents (ELSA-2020-5947)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5947 advisory. - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz1850990 Tenable has extracted the preceding description block directly from the Oracle Lin...
CentOS 7 : fence-agents (RHSA-2020:5003)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5003 advisory. - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send...