Lucene search
K

534 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/12/19 6:14 a.m.14 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to python - requests

Summary IBM Sterling Connect:Direct Web Service uses python - requests , python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. Vulnerability Details...

6.1CVSS6.3AI score0.02782EPSS
Exploits1Affected Software1
SUSE Linux
SUSE Linux
added 2024/12/17 1:17 p.m.1 views

Security update for python-urllib3_1

This update for python-urllib31 fixes the following issues: CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects bsc1226469 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zyppe...

4.4CVSS7.8AI score0.01141EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/12/13 12:0 a.m.4 views

The vulnerability of the HTTP client library for Python urllib3, related to improper resource transfer between components, allows attackers to gain unauthorized access to protected information.

The vulnerability of the HTTP client library for Python urllib3 is related to improper handling of the Proxy-Authorization header during redirects between sources. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

5.4CVSS6.7AI score0.01141EPSS
Exploits1References10Affected Software4
Tenable Nessus
Tenable Nessus
added 2024/11/25 12:0 a.m.7 views

RHEL 9 : python3.11-urllib3 (RHSA-2024:9922)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9922 advisory. The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3:...

6.5CVSS6.8AI score0.01141EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/11/21 9:30 a.m.5 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/11/21 9:30 a.m.23 views

Moderate: Red Hat Security Advisory: RHOSP 17.1.4 (python-urllib3) security update

An update for python-urllib3 is now available for Red Hat OpenStack Platform RHOSP 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

6.5CVSS6.8AI score0.01141EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/11/19 1:27 a.m.2 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/11/19 1:25 a.m.3 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2024/11/18 1:25 p.m.2 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

7.5CVSS7.8AI score0.02303EPSS
Exploits3References66
RedHat Linux
RedHat Linux
added 2024/11/12 10:24 a.m.4 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/11/12 10:24 a.m.2 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2024/11/12 12:0 a.m.18 views

Moderate: python3.11-urllib3 security update

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 For more details about the security issues, including the impact, a...

6.5CVSS5.2AI score0.01141EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/11/12 12:0 a.m.6 views

RHEL 9 : python3.12-urllib3 (RHSA-2024:9457)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9457 advisory. urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard librarie...

6.5CVSS6.8AI score0.01141EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2024/11/11 12:0 a.m.13 views

Mageia: Security Advisory (MGASA-2024-0347)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.8AI score0.01141EPSS
Exploits1References3
Mageia
Mageia
added 2024/11/08 10:9 p.m.30 views

Updated python-urllib3 packages fix security vulnerability

When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...

6.5CVSS7.3AI score0.01141EPSS
Exploits1References1
OSV
OSV
added 2024/11/08 10:9 p.m.7 views

MGASA-2024-0347 Updated python-urllib3 packages fix security vulnerability

When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...

6.5CVSS5.1AI score0.01141EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2024/11/08 3:56 p.m.13 views

python3.12-urllib3 security update

An update is available for python3.12-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list urllib3 is a powerful, user-friendly HTTP client for Python. urlli...

6.5CVSS5.3AI score0.01141EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/11/05 5:49 p.m.3 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/11/05 2:46 a.m.6 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/11/05 2:35 a.m.4 views

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References4
Rows per page
Query Builder