14 matches found
EUVD-2021-27010
Malware in sbrugna...
EUVD-2011-1522
Malware in sbrugna...
EUVD-2019-8136
Malware in sbrugna...
K000153040: Python urllib vulnerability CVE-2019-9740
Security Advisory Description An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the...
K000151516: Python urllib vulnerability CVE-2019-9947
Security Advisory Description An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the...
F5 Networks BIG-IP : Python urllib vulnerability (K000151516)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000151516 advisory. An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injectio...
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
...
USN-5201-1: Python vulnerabilities
It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses 100 Continue response. Specially crafted traffic from a malicious HTTP server could cause a denial of service Dos condition for a client...
PT-2021-7377 · Python +10 · Urllib +10
Name of the Vulnerable Software and Affected Versions: urllib affected versions not specified Description: A flaw in the AbstractBasicAuthHandler class of urllib allows an attacker controlling a malicious HTTP server to trigger a Regular Expression Denial of Service ReDOS during an authentication...
python: CRLF injection via the query part of the url passed to urlopen()
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...
PSF-2011-2 urllib redirect
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service resource consumption via a crafted URL, as...
urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service resource consumption via a crafted URL, as...
Kojoney 0.0.4.1 - 'urllib.urlopen()' Remote Denial of Service
source: https://www.securityfocus.com/bid/38395/info Kojoney is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to gain unauthorized access to local files and crash the affected application, resulting in a denial-of-service condition. Versions prior to...