Extended Lifecycle Support CVE dashboard by TuxСare

CVEs Releases Projects

CVE-2021-3733

Updated: 2022-06-21 11:27:18.360415

Description:

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Status Errata Last updated
CentOS 6 ELS python 2.6.6 Ignored 2022-06-02 00:32:49.588147
CentOS 8.4 ELS python2 2.7.18 Released CLSA-2022:1654525948 2022-06-06 11:47:17.731435
CentOS 8.4 ELS python3 3.6.8 Not vulnerable 2022-05-23 19:13:51.345643
CentOS 8.5 ELS python2 2.7.18 Released CLSA-2022:1654526367 2022-06-06 11:47:17.405969
CentOS 8.5 ELS python3 3.6.8 Not vulnerable 2022-05-23 19:13:51.197918
CloudLinux 6 ELS python 2.6.6 Ignored 2022-06-02 00:32:49.551738
Oracle Linux 6 ELS python 2.6.6 Ignored 2022-06-02 00:32:49.479422
Ubuntu 16.04 ELS python3 3.5.2-2ubuntu0~16.04.13 Released CLSA-2021:1635430087 2021-11-02 21:02:48.097029
Ubuntu 16.04 ELS python 2.7.12-1ubuntu0~16.04.13 Ignored 2022-04-07 21:52:18.29281

Statement

Will not fix: low score