CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 1CVE-2021-3737 – python: urllib: HTTP client possible infinite loop on a 100 Continue response
https://notcve.org/view.php?id=CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en python. Una respuesta HTTP manejada inapropiadamente en el código del cliente HTTP de python puede permitir a un atacante remoto, que controle el servidor HTTP, hacer que el script del cliente entre en un bucle infinito, consumiendo tiempo de CPU. • https://bugs.python.org/issue44022 https://bugzilla.redhat.com/show_bug.cgi?id=1995162 https://github.com/python/cpython/pull/25916 https://github.com/python/cpython/pull/26503 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html https://security.netapp.com/advisory/ntap-20220407-0009 https://ubuntu.com/security/CVE-2021-3737 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3773
https://notcve.org/view.php?id=CVE-2013-3773
Unspecified vulnerability in the SPARC Enterprise M Series Servers component in Oracle and Sun Systems Products Suite XCP 1114 and earlier allows remote attackers to affect availability via vectors related to XSCF Control Package (XCP). Vulnerabilidad no especificada en el componente SPARC Enterprise M Series Servers en Oracle y Sun Systems Products Suite XCP 1114 y anteriores permite a atacantes remotos afectar la disponibilidad mediante vectores relacionados con XSCF Control Package (XCP). • http://osvdb.org/95311 http://secunia.com/advisories/54240 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://www.securityfocus.com/bid/61247 https://exchange.xforce.ibmcloud.com/vulnerabilities/85698 •
CVSS: 2.6EPSS: 1%CPEs: 6EXPL: 0CVE-2012-1693
https://notcve.org/view.php?id=CVE-2012-1693
Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 allows remote attackers to affect availability, related to XSCF Control Package (XCP). Vulnerabilidad no especificada en Oracle SPARC Enterprise M Series Servers XCP v1110 permite a atacantes remotos afectar a la disponibilidad, en relación con XSCF Control Package (XCP). • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securityfocus.com/bid/53131 http://www.securitytracker.com/id?1026942 •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-0548
https://notcve.org/view.php?id=CVE-2012-0548
Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 and earlier allows local users to affect confidentiality, related to XSCF Control Package (XCP). Vulnerabilidad no especificada en Oracle SPARC Enterprise M Series Servers XCP v1110 y anteriores permite a usuarios locales afectar la confidencialidad, en relación con XSCF Control Package (XCP). • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securityfocus.com/bid/53134 http://www.securitytracker.com/id?1026942 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2011-2299
https://notcve.org/view.php?id=CVE-2011-2299
Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M5000, M8000, and M9000 XCP 1101 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to XSCF Control Package (XCP). Vulnerabilidad no especificada en Oracle SPARC Enterprise M3000, M4000, M5000, M8000, M9000 y XCP 1101 y anteriores permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad, en relación con el paquete de control de XSCF (XCP). • http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html http://www.us-cert.gov/cas/techalerts/TA11-201A.html •