Lucene search
K

159 matches found

RedhatCVE
RedhatCVE
added 2021/02/09 4:4 p.m.40 views

CVE-2021-21240

An uncontrolled resource consumption flaw as found in python-httplib2, due to a flawed regular expression used while parsing the WWW-Authenticate header in an HTTP response. This flaw allows a malicious or compromised server to reply with a crafted sequence of characters in the WWW-Authenticate...

7.5CVSS0.7AI score0.03876EPSS
Exploits1References4
OSV
OSV
added 2021/02/08 8:15 p.m.2 views

DEBIAN-CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS7.6AI score0.03876EPSS
Exploits1References1
OSV
OSV
added 2021/02/08 8:15 p.m.25 views

CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS7.4AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/02/08 8:15 p.m.62 views

CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS7.1AI score0.03876EPSS
Exploits1References4
Prion
Prion
added 2021/02/08 8:15 p.m.22 views

Code injection

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

5CVSS7.3AI score0.03876EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/02/08 8:15 p.m.68 views

PYSEC-2021-16

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS2.8AI score0.03876EPSS
Exploits1References4
PyPA
PyPA
added 2021/02/08 8:15 p.m.6 views

PYSEC-2021-16

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS6.9AI score0.03876EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/02/08 8:15 p.m.2 views

UBUNTU-CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS7.1AI score0.03876EPSS
Exploits1References5
Cvelist
Cvelist
added 2021/02/08 7:45 p.m.53 views

CVE-2021-21240 Regular Expression Denial of Service in httplib2

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS7.5AI score0.03876EPSS
Exploits1References4
CVE
CVE
added 2021/02/08 7:45 p.m.242 views

CVE-2021-21240

CVE-2021-21240 affects httplib2 prior to 0.19.0. A malicious server can send a WWW-Authenticate header containing a long sequence of non-breaking spaces (\xa0), causing a Denial of Service by CPU-intensive header parsing. The root cause is in how httplib2 parses auth headers; a fix was implemente...

7.5CVSS7.4AI score0.03876EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2021/02/08 7:45 p.m.58 views

CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS7.5AI score0.03876EPSS
Exploits1
Debian CVE
Debian CVE
added 2021/02/08 7:45 p.m.26 views

CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

7.5CVSS7.5AI score0.03876EPSS
Exploits1
OSV
OSV
added 2021/02/08 7:41 p.m.27 views

GHSA-93XJ-8MRV-444M Regular Expression Denial of Service (REDoS) in httplib2

Impact A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said server. Patches Version 0.19.0 contains new implementation of auth headers parsing, using...

8.7CVSS7.5AI score0.03876EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2021/02/08 7:41 p.m.58 views

Regular Expression Denial of Service (REDoS) in httplib2

Impact A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said server. Patches Version 0.19.0 contains new implementation of auth headers parsing, using...

7.5CVSS7.4AI score0.03876EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2021/02/08 12:0 a.m.9 views

httplib2 Resource Management Error Vulnerability

httplib2 is an HTTP client library. A security vulnerability in httplib2 versions prior to 0.19.0, which stems from a response to the long string of xa0 characters in the www-authenticate header, could cause a denial of service when an httplib2 client accesses the server...

7.5CVSS7.1AI score0.03876EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.39 views

CentOS 8 : resource-agents (CESA-2020:4605)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4605 advisory. - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function CVE-2020-11078 Note that Nessus has not...

6.8CVSS6.6AI score0.02593EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/12/18 12:0 a.m.29 views

Virtuozzo 7 : fence-agents-aliyun / fence-agents-all / etc (VZLSA-2020-5003)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5003 advisory. - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function CVE-2020-11078 Note that Nessus...

6.8CVSS6.5AI score0.02593EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/12/18 12:0 a.m.30 views

Virtuozzo 7 : resource-agents / resource-agents-aliyun / etc (VZLSA-2020-5004)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5004 advisory. - python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function CVE-2020-11078 Note that Nessus...

6.8CVSS6.5AI score0.02593EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/11/24 12:0 a.m.31 views

Oracle Linux 8 : resource-agents (ELSA-2020-5947)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5947 advisory. - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz1850990 Tenable has extracted the preceding description block directly from the Oracle Lin...

6.8CVSS6.5AI score0.02593EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/11/19 12:0 a.m.29 views

CentOS 7 : fence-agents (RHSA-2020:5003)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5003 advisory. - In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send...

6.8CVSS6.4AI score0.02593EPSS
Exploits0References2
Rows per page
Query Builder