CVE-2021-21240
- EPSS 4.54%
- Published 08.02.2021 20:15:12
- Last modified 21.11.2024 05:47:50
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsin...
CVE-2020-11078
- EPSS 3.19%
- Published 20.05.2020 16:15:10
- Last modified 21.11.2024 04:56:44
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httpli...
CVE-2013-2037
- EPSS 0.49%
- Published 18.01.2014 21:55:03
- Last modified 11.04.2025 00:51:21
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a...