CVE-2021-3733

Updated: 2024-11-22 02:33:32.954726

Description:

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS python 2.6.6 6.5 MEDIUM Ignored 2022-06-02 00:32:49
CentOS 7 ELS python3 3.6.8 6.5 MEDIUM Ignored 2023-09-19 09:30:16
CentOS 7 ELS python 2.7.5 6.5 MEDIUM Ignored 2023-09-19 09:30:17
CentOS 8.4 ELS python3 3.6.8 6.5 MEDIUM Already Fixed 2022-08-02 04:39:28
CentOS 8.4 ELS python2 2.7.18 6.5 MEDIUM Released CLSA-2022:1654525948 2022-06-06 11:47:17
CentOS 8.5 ELS python2 2.7.18 6.5 MEDIUM Released CLSA-2022:1654526367 2022-06-06 11:47:17
CentOS 8.5 ELS python3 3.6.8 6.5 MEDIUM Already Fixed 2022-08-02 04:39:28
CloudLinux 6 ELS python 2.6.6 6.5 MEDIUM Ignored 2022-06-02 00:32:49
Oracle Linux 6 ELS python 2.6.6 6.5 MEDIUM Ignored 2022-06-02 00:32:49
Ubuntu 16.04 ELS python2.7 2.7.12 6.5 MEDIUM Released CLSA-2024:1723146030 2024-08-08 17:59:16
Total: 13