86 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 8 : python-pip-9.0.3-16.el8 (AXSA:2020-285:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-285:03 advisory. python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 python-urllib3: CRLF injection...

CVSS 9.8 | AI score 7.8 | EPSS 0.01015
Exploits: 3 | References: 5

Tenable Nessus
added 2025/06/16 12:0 a.m. | 5 views

TencentOS Server 3: python-pip (TSSA-2022:0103)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0103 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.5 | AI score 7.1 | EPSS 0.0024
Exploits: 4 | References: 3

Tenable Nessus
added 2025/05/14 12:0 a.m. | 8 views

Alibaba Cloud Linux 3 : 0103: python-pip (ALINUX3-SA-2022:0103)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0103 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2018-18074: The Requests package befor...

CVSS 7.5 | AI score 7.1 | EPSS 0.0024
Exploits: 4 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2018-18074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which mak...

CVSS 7.5 | AI score 6.8 | EPSS 0.00198
Exploits: 2 | References: 3

Tenable Nessus
added 2025/01/03 12:0 a.m. | 13 views

Oracle Linux 8 : python-requests (ELSA-2025-0012)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-0012 advisory. - Security fix for CVE-2024-35195 Resolves: RHEL-37605 - Security fix for CVE-2023-32681 Resolves: rhbz2209469 - Update to v2.20.0 for CVE-2018-18074. - Remove...

CVSS 7.5 | AI score 7 | EPSS 0.05933
Exploits: 3 | References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 24 views

RHEL 6 : python-requests (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-18074 Note that Nessus h...

CVSS 7.5 | AI score 7.1 | EPSS 0.00198
Exploits: 2 | References: 1

Tenable Nessus
added 2024/05/11 12:0 a.m. | 12 views

RHEL 6 : python-requests (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-18074 - Reques...

AI score 7.5 | EPSS 0.05933
Exploits: 3 | References: 2

Tenable Nessus
added 2024/04/18 12:0 a.m. | 14 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : python-requests Multiple Vulnerabilities (NS-SA-2024-0014)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-requests packages installed that are affected by multiple vulnerabilities: - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-htt...

CVSS 7.5 | AI score 7 | EPSS 0.05933
Exploits: 3 | References: 5

Tenable Nessus
added 2023/09/07 12:0 a.m. | 37 views

Oracle Linux 8 : python-pip (ELSA-2020-1916)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1916 advisory. 9.0.3-16 - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves:...

CVSS 9.8 | AI score 7.2 | EPSS 0.01015
Exploits: 3 | References: 5

Tenable Nessus
added 2023/09/07 12:0 a.m. | 26 views

Oracle Linux 7 : python-requests (ELSA-2019-2035)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-2035 advisory. 2.6.0-5 - Fix CVE-2018-18074 Resolves: rhbz1647368 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 7.5 | AI score 6.9 | EPSS 0.00198
Exploits: 2 | References: 2

Openbugbounty
added 2023/05/23 10:6 a.m. | 12 views

altfithealth.com Cross Site Scripting vulnerability OBB-3359059

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0

F5 Networks
added 2023/04/27 12:53 a.m. | 26 views

K000133652: Python vulnerability CVE-2018-18074

Security Advisory Description The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. CVE-2018-18074 Impact Fo...

CVSS 7.5 | AI score 7.7 | EPSS 0.00198
Exploits: 2

Tenable Nessus
added 2022/09/01 12:0 a.m. | 50 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16.1.3)

The version of AOS installed on the remote host is prior to 5.16.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16.1.3 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat...

CVSS 9.8 | AI score 8.4 | EPSS 0.94469
Exploits: 63 | References: 21

OpenVAS
added 2022/05/24 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2022:1819-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.7 | EPSS 0.00198
Exploits: 2 | References: 4

Tenable Nessus
added 2022/05/24 12:0 a.m. | 50 views

SUSE SLES12 Security Update : python-requests (SUSE-SU-2022:1819-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1819-1 advisory. - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-ht...

CVSS 7.5 | AI score 6.9 | EPSS 0.00198
Exploits: 2 | References: 4

OSV
added 2022/05/23 1:19 p.m. | 8 views

SUSE-SU-2022:1819-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed to prevent the package to send an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect. bsc1111622...

CVSS 7.5 | AI score 7.6 | EPSS 0.00198
Exploits: 2 | References: 3

Tenable Nessus
added 2022/04/29 12:0 a.m. | 37 views

SUSE SLES15 Security Update : python-requests (SUSE-SU-2022:1448-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1448-1 advisory. - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-ht...

CVSS 7.5 | AI score 6.9 | EPSS 0.00198
Exploits: 2 | References: 4

OpenVAS
added 2022/04/28 12:0 a.m. | 17 views

SUSE: Security Advisory (SUSE-SU-2022:1448-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.7 | EPSS 0.00198
Exploits: 2 | References: 4

Huntr
added 2022/02/08 2:23 a.m. | 54 views

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects

Note Reclarification of https://huntr.dev/bounties/6d9fd2bf-39e4-4291-b228-30f131b9ccdc/ Description The Authorization header leaks from same hostname https-http redirect. If https://example.com redirects to http://example.com, then an attacker who can listen in on the wire or perform a MITM atta...

CVSS 4.3 | AI score 0.4 | EPSS 0.00198
Exploits: 2

OpenVAS
added 2022/01/28 12:0 a.m. | 18 views

Mageia: Security Advisory (MGASA-2018-0475)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8 | EPSS 0.00198
Exploits: 2 | References: 5