534 matches found
DEBIAN-CVE-2014-1830
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
PYSEC-2014-14
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
Design/Logic Flaw
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
PYSEC-2014-14
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
CVE-2014-1830
CVE-2014-1830 affects python-requests (Requests). The issue arises when a redirect occurs: the Proxy-Authorization header is not re-evaluated for the new request, allowing a remote server to leak sensitive information. Public advisories (e.g., openSUSE-2016-98) note this CVE and indicate a securi...
CVE-2014-1830
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
CVE-2014-1830
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
MGASA-2014-0409 Updated python-requests packages fix security vulnerabilities
Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from /.netrc file through redirect requests, if the user has their passwords stored in the /.netrc file CVE-2014-1829. It was discovered th...
Updated python-requests packages fix security vulnerabilities
Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from /.netrc file through redirect requests, if the user has their passwords stored in the /.netrc file CVE-2014-1829. It was discovered th...
UBUNTU-CVE-2014-1830
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
Privoxy < 3.0.21 Multiple Information Disclosure Vulnerabilities
According to its self-identified version number, the Privoxy installed on the remote host is a version prior to 3.0.21. It is, therefore, affected by multiple information disclosure vulnerabilities due to the application not properly handling Proxy-Authenticate and Proxy-Authorization headers. Th...
CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...
CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...
Code injection
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...
CVE-2013-2503
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...
CVE-2011-2990
The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...
Design/Logic Flaw
The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...
CVE-2011-2990
The CVE-2011-2990 vulnerability affects Mozilla Firefox 4.x–5 and SeaMonkey 2.x (before 2.3) where Content Security Policy (CSP) violation reports do not strip proxy-authorization credentials from the request headers, enabling potential leakage of credentials when a CSP report is read. The issue ...
CVE-2011-2990
The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...
CVE-2011-2990
The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...