Updated: 2024-11-22 02:33:32.954726
Description:
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 4 |
CVSS Version 3.x | MEDIUM | 6.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | python | 2.6.6 | 6.5 | MEDIUM | Ignored | 2022-06-02 00:32:49 | ||
CentOS 7 ELS | python3 | 3.6.8 | 6.5 | MEDIUM | Ignored | 2023-09-19 09:30:16 | ||
CentOS 7 ELS | python | 2.7.5 | 6.5 | MEDIUM | Ignored | 2023-09-19 09:30:17 | ||
CentOS 8.4 ELS | python3 | 3.6.8 | 6.5 | MEDIUM | Already Fixed | 2022-08-02 04:39:28 | ||
CentOS 8.4 ELS | python2 | 2.7.18 | 6.5 | MEDIUM | Released | CLSA-2022:1654525948 | 2022-06-06 11:47:17 | |
CentOS 8.5 ELS | python2 | 2.7.18 | 6.5 | MEDIUM | Released | CLSA-2022:1654526367 | 2022-06-06 11:47:17 | |
CentOS 8.5 ELS | python3 | 3.6.8 | 6.5 | MEDIUM | Already Fixed | 2022-08-02 04:39:28 | ||
CloudLinux 6 ELS | python | 2.6.6 | 6.5 | MEDIUM | Ignored | 2022-06-02 00:32:49 | ||
Oracle Linux 6 ELS | python | 2.6.6 | 6.5 | MEDIUM | Ignored | 2022-06-02 00:32:49 | ||
Ubuntu 16.04 ELS | python2.7 | 2.7.12 | 6.5 | MEDIUM | Released | CLSA-2024:1723146030 | 2024-08-08 17:59:16 |