ALBA-2019:3693 python-requests bug fix update

The python-requests package contains a library designed to make HTTP requests easy for developers. Bug fix: The fix CVE-2018-18074 leads to a regression BZ1758261...

Amazon Linux 2 : python-requests (ALAS-2019-1334)

A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected 302 from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker coul...

Low: python-requests

Issue Overview: A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected 302 from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-midd...

NewStart CGSL CORE 5.04 / MAIN 5.04 : python-requests Vulnerability (NS-SA-2019-0189)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-requests packages installed that are affected by a vulnerability: - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirec...

EulerOS Virtualization for ARM 64 3.0.2.0 : python-requests (EulerOS-SA-2019-1947)

According to the version of the python-requests package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected 30...

EulerOS 2.0 SP5 : python-requests (EulerOS-SA-2019-1886)

According to the version of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-18074 Note that Tenable Network Security has...

Updated python-urllib3 packages fix security vulnerability

It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts CVE-2018-20060. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacke...

python security update

CentOS Errata and Security Advisory CESA-2019:2035 An update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

CentOS 7 : python-requests (CESA-2019:2035)

An update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Scientific Linux Security Update : python-requests on SL7.x x86_64 (20190806)

Security Fixes : - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header CVE-2018-18074 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid128255; scriptversion"1.5";...

python-requests security update

2.6.0-5 - Fix CVE-2018-18074 Resolves: rhbz1647368...

RHEL 7 : python-requests (RHSA-2019:2035)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2035 advisory. The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fixes: python-requests: Redirect from HTT...

python-requests: Redirect from HTTPS to HTTP does not remove Authorization header

A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected 302 from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker coul...

Low: Red Hat Security Advisory: python-requests security update

An update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

SUSE-SU-2019:2047-1 Security update for python-requests

This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header bsc1111622...

SUSE-SU-2019:2027-1 Security update for python-requests

This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed an issue which could ease attackers to discover credentials by sniffing the network bsc1111622...

openSUSE Security Update : python-requests (openSUSE-2019-1754)

This update for python-requests to version 2.20.1 fixes the following issues : Security issue fixed : - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header bsc1111622. This update was imported from the SUSE:SLE-15-SP1:Update update project. C Tenable...

OPENSUSE-SU-2019:1754-1 Security update for python-requests

This update for python-requests to version 2.20.1 fixes the following issues: Security issue fixed: - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header bsc1111622. This update was imported from the SUSE:SLE-15-SP1:Update update project...

Security update for python-requests (moderate)

openSUSE Security Update: Security update for python-requests Announcement ID: openSUSE-SU-2019:1754-1 Rating: moderate References: 1111622 Cross-References: CVE-2018-18074 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

Exploit for CVE-2018-9995

This is an exploit module for a DVR Digital Video Recorder vulnerability, specifically CVE-2018-9995. The exploit is designed to obtain exposed credentials from the DVR. The module is written in Python and uses the requests library to send HTTP requests to the DVR. The exploit targets a...