CVE-2020-11078
Description
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request() could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
Risk Information
Base Score
6.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
EPSS Score
Exploitation Probability
3.277
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-11078 are fixed in Python-httplib2 0.18.0 | Windows |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-all-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-amt-ws-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-apc-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-apc-snmp-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-bladecenter-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-brocade-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-cisco-mds-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-cisco-ucs-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-common-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-compute-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-drac5-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-eaton-snmp-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-emerson-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-eps-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-heuristics-ping-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-hpblade-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-ibmblade-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-ifmib-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-ilo-moonshot-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-ilo-mp-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-ilo-ssh-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-ilo2-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-intelmodular-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-ipdu-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-ipmilan-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-kdump-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-lpar-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-mpath-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-redfish-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-rhevm-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-rsa-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-rsb-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-sbd-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-scsi-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-virsh-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-vmware-rest-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-vmware-soap-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (RHSA-2020:5003) fence-agents security and bug fix update fence-agents-wti-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-all update (ELSA-2020-5003) fence-agents-all-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-amt-ws update (ELSA-2020-5003) fence-agents-amt-ws-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-apc update (ELSA-2020-5003) fence-agents-apc-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-apc-snmp update (ELSA-2020-5003) fence-agents-apc-snmp-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-bladecenter update (ELSA-2020-5003) fence-agents-bladecenter-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-brocade update (ELSA-2020-5003) fence-agents-brocade-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-cisco-mds update (ELSA-2020-5003) fence-agents-cisco-mds-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-cisco-ucs update (ELSA-2020-5003) fence-agents-cisco-ucs-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-common update (ELSA-2020-5003) fence-agents-common-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-compute update (ELSA-2020-5003) fence-agents-compute-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-drac5 update (ELSA-2020-5003) fence-agents-drac5-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-eaton-snmp update (ELSA-2020-5003) fence-agents-eaton-snmp-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-emerson update (ELSA-2020-5003) fence-agents-emerson-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-eps update (ELSA-2020-5003) fence-agents-eps-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-heuristics-ping update (ELSA-2020-5003) fence-agents-heuristics-ping-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-hpblade update (ELSA-2020-5003) fence-agents-hpblade-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-ibmblade update (ELSA-2020-5003) fence-agents-ibmblade-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-ifmib update (ELSA-2020-5003) fence-agents-ifmib-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-ilo-moonshot update (ELSA-2020-5003) fence-agents-ilo-moonshot-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-ilo-mp update (ELSA-2020-5003) fence-agents-ilo-mp-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-ilo-ssh update (ELSA-2020-5003) fence-agents-ilo-ssh-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-ilo2 update (ELSA-2020-5003) fence-agents-ilo2-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-intelmodular update (ELSA-2020-5003) fence-agents-intelmodular-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-ipdu update (ELSA-2020-5003) fence-agents-ipdu-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-ipmilan update (ELSA-2020-5003) fence-agents-ipmilan-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-kdump update (ELSA-2020-5003) fence-agents-kdump-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-lpar update (ELSA-2020-5003) fence-agents-lpar-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-mpath update (ELSA-2020-5003) fence-agents-mpath-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-redfish update (ELSA-2020-5003) fence-agents-redfish-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-rhevm update (ELSA-2020-5003) fence-agents-rhevm-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-rsa update (ELSA-2020-5003) fence-agents-rsa-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-rsb update (ELSA-2020-5003) fence-agents-rsb-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-sbd update (ELSA-2020-5003) fence-agents-sbd-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-scsi update (ELSA-2020-5003) fence-agents-scsi-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-virsh update (ELSA-2020-5003) fence-agents-virsh-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-vmware-rest update (ELSA-2020-5003) fence-agents-vmware-rest-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-vmware-soap update (ELSA-2020-5003) fence-agents-vmware-soap-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Fence-agents-wti update (ELSA-2020-5003) fence-agents-wti-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-all-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-amt-ws-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-apc-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-apc-snmp-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-bladecenter-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-brocade-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-cisco-mds-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-cisco-ucs-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-common-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-compute-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-drac5-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-eaton-snmp-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-emerson-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-eps-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-heuristics-ping-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-hpblade-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-ibmblade-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-ifmib-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-ilo-moonshot-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-ilo-mp-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-ilo-ssh-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-ilo2-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-intelmodular-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-ipdu-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-ipmilan-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-kdump-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-mpath-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-redfish-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-rhevm-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-rsa-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-rsb-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-sbd-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-scsi-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-virsh-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-vmware-rest-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-vmware-soap-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-wti-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| (CESA-2020:5003) fence-agents security and bug fix update fence-agents-lpar-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| SUSE-SU-2021:1806-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) python3-httplib2-0.19.0-3.3.1.noarch.rpm | Linux |
| (RHSA-2020:5003)Low: security and bug fix update fence-agents-debuginfo-4.2.1-41.el7_9.2.x86_64.rpm | Linux |
| Resource-agents update (ELSA-2020-5004) resource-agents-4.1.1-61.el7_9.4.x86_64.rpm | Linux |
| Resource-agents-aliyun update (ELSA-2020-5004) resource-agents-aliyun-4.1.1-61.el7_9.4.x86_64.rpm | Linux |
| Resource-agents-gcp update (ELSA-2020-5004) resource-agents-gcp-4.1.1-61.el7_9.4.x86_64.rpm | Linux |
| Vulnerabilities CVE-2020-11078 are fixed in Python-httplib2 for linux 0.18.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234