Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2020-1407.NASLHistoryJul 30, 2020 - 12:00 a.m.
Amazon Linux AMI : python27, python34, python35, python36 (ALAS-2020-1407)
2020-07-3000:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
37
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.4%
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)
-
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0.
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue.
(This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1;
v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. (CVE-2019-18348) -
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1407.
##
include('compat.inc');
if (description)
{
script_id(139087);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/27");
script_cve_id("CVE-2019-18348", "CVE-2020-8492");
script_xref(name:"ALAS", value:"2020-1407");
script_name(english:"Amazon Linux AMI : python27, python34, python35, python36 (ALAS-2020-1407)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an
HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of
urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)
- An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0.
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument
to urllib.request.urlopen with \r
(specifically in the host component of a URL) followed by an HTTP
header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue.
(This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1;
v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4,
v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. (CVE-2019-18348)
- Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1
allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client
because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. (CVE-2020-8492)");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1407.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/../../faqs.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2019-18348.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-8492.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update python27' to update your system.
Run 'yum update python34' to update your system.
Run 'yum update python35' to update your system.
Run 'yum update python36' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18348");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/30");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python34");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python34-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python34-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python34-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python34-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python34-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python35");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python35-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python35-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python35-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python35-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python35-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python36");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python36-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python36-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python36-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python36-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python36-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python36-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'python27-2.7.18-1.138.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-2.7.18-1.138.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-debuginfo-2.7.18-1.138.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-debuginfo-2.7.18-1.138.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-devel-2.7.18-1.138.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-devel-2.7.18-1.138.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-libs-2.7.18-1.138.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-libs-2.7.18-1.138.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-test-2.7.18-1.138.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-test-2.7.18-1.138.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-tools-2.7.18-1.138.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python27-tools-2.7.18-1.138.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-3.4.10-1.50.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-3.4.10-1.50.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-debuginfo-3.4.10-1.50.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-debuginfo-3.4.10-1.50.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-devel-3.4.10-1.50.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-devel-3.4.10-1.50.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-libs-3.4.10-1.50.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-libs-3.4.10-1.50.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-test-3.4.10-1.50.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-test-3.4.10-1.50.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-tools-3.4.10-1.50.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python34-tools-3.4.10-1.50.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-3.5.7-1.26.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-3.5.7-1.26.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-debuginfo-3.5.7-1.26.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-debuginfo-3.5.7-1.26.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-devel-3.5.7-1.26.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-devel-3.5.7-1.26.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-libs-3.5.7-1.26.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-libs-3.5.7-1.26.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-test-3.5.7-1.26.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-test-3.5.7-1.26.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-tools-3.5.7-1.26.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python35-tools-3.5.7-1.26.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-3.6.11-1.17.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-3.6.11-1.17.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-debug-3.6.11-1.17.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-debug-3.6.11-1.17.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-debuginfo-3.6.11-1.17.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-debuginfo-3.6.11-1.17.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-devel-3.6.11-1.17.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-devel-3.6.11-1.17.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-libs-3.6.11-1.17.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-libs-3.6.11-1.17.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-test-3.6.11-1.17.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-test-3.6.11-1.17.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-tools-3.6.11-1.17.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python36-tools-3.6.11-1.17.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python27 / python27-debuginfo / python27-devel / etc");
}| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | python27 | p-cpe:/a:amazon:linux:python27 |
| amazon | linux | python27-debuginfo | p-cpe:/a:amazon:linux:python27-debuginfo |
| amazon | linux | python27-devel | p-cpe:/a:amazon:linux:python27-devel |
| amazon | linux | python27-libs | p-cpe:/a:amazon:linux:python27-libs |
| amazon | linux | python27-test | p-cpe:/a:amazon:linux:python27-test |
| amazon | linux | python27-tools | p-cpe:/a:amazon:linux:python27-tools |
| amazon | linux | python34 | p-cpe:/a:amazon:linux:python34 |
| amazon | linux | python34-debuginfo | p-cpe:/a:amazon:linux:python34-debuginfo |
| amazon | linux | python34-devel | p-cpe:/a:amazon:linux:python34-devel |
| amazon | linux | python34-libs | p-cpe:/a:amazon:linux:python34-libs |
Related
nvd
nvd
osv
osv
CVE-2019-18348
2019-10-23 17:15:12
CVE-2019-9947
2019-03-23 18:29:02
ubuntucve
ubuntucve
prion
prion
cvelist
cvelist
debiancve
debiancve
alpinelinux
alpinelinux
CVE-2019-18348
2019-10-23 17:15:12
CVE-2020-8492
2020-01-30 19:15:12
cve
cve
nessus
nessus
Amazon Linux AMI : python36 (ALAS-2020-1428)
2020-08-31 00:00:00
Amazon Linux AMI : python34 (ALAS-2020-1429)
2020-08-31 00:00:00
SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2022:4281-1)
2022-11-30 00:00:00
amazon
amazon
Medium: python27
2020-05-22 20:58:00
Medium: python34, python35
2020-08-27 02:29:00
Medium: python36
2020-08-27 02:25:00
veracode
veracode
CRLF Injection
2020-08-06 21:34:27
Authorization Bypass
2019-08-08 00:07:20
CRLF Injection
2019-05-27 00:40:17
redhatcve
redhatcve
openvas
openvas
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2019-1658)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-4333-2)
2020-05-01 00:00:00
Fedora: Security Advisory for python36 (FEDORA-2020-ea5bdbcc90)
2020-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: python36-3.6.11-1.fc32
2020-07-04 01:14:28
[SECURITY] Fedora 31 Update: python36-3.6.11-1.fc31
2020-07-10 01:02:15
[SECURITY] Fedora 30 Update: python3-3.7.3-3.fc30
2019-05-17 01:08:18
ubuntu
ubuntu
Python vulnerabilities
2020-04-30 00:00:00
Python vulnerabilities
2020-04-21 00:00:00
cloudfoundry
cloudfoundry
USN-4333-1: Python vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
debian
debian
[SECURITY] [DLA 1835-2] python3.4 regression update
2019-06-25 15:04:12
[SECURITY] [DLA 1835-1] python3.4 security update
2019-06-25 03:40:34
freebsd
freebsd
Python -- multiple vulnerabilities
2019-10-24 00:00:00
Python -- multiple vulnerabilities
2020-08-19 00:00:00
Python -- CRLF injection via the host part of the url passed to urlopen()
2019-10-24 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in python affects IBM Watson Studio Local
2019-12-20 21:38:39
redhat
redhat
(RHSA-2020:1462) Moderate: python security update
2020-04-14 14:34:05
(RHSA-2019:3520) Moderate: python3 security and bug fix update
2019-11-05 17:55:39
(RHSA-2019:3513) Moderate: glibc security, bug fix, and enhancement update
2019-11-05 17:54:26
cbl_mariner
cbl_mariner
CVE-2016-10739 affecting package glibc 2.28-24
2020-10-08 18:09:54
CVE-2019-18348 affecting package python3 3.7.9-2
2021-07-08 21:56:42
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2019-11-21 00:00:00
f5
f5
K35040315 : glibc vulnerability CVE-2016-10739
2019-03-08 00:00:00
suse
suse
Security update for glibc (moderate)
2019-04-20 00:00:00
centos
centos
glibc, nscd security update
2019-08-30 02:53:51
python, tkinter security update
2019-08-30 04:00:52
checkpoint_advisories
checkpoint_advisories
Python Project urllib CRLF Injection (CVE-2019-9740)
2019-03-19 00:00:00
hackerone
hackerone
Internet Bug Bounty: CRLF Injection in urllib
2019-05-25 10:16:29
photon
photon
gentoo
gentoo
Python: Denial of service
2020-05-14 00:00:00
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.4%
Related for ALA_ALAS-2020-1407.NASL