Lucene search
K

534 matches found

OSV
OSV
added 2014/10/15 2:55 p.m.1 views

DEBIAN-CVE-2014-1830

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS8.8AI score0.02036EPSS
Exploits0References1
PyPA
PyPA
added 2014/10/15 2:55 p.m.6 views

PYSEC-2014-14

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS6.6AI score0.02036EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2014/10/15 2:55 p.m.30 views

Design/Logic Flaw

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS6.4AI score0.02036EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2014/10/15 2:55 p.m.30 views

PYSEC-2014-14

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS4.3AI score0.02036EPSS
Exploits0References7
CVE
CVE
added 2014/10/15 2:0 p.m.118 views

CVE-2014-1830

CVE-2014-1830 affects python-requests (Requests). The issue arises when a redirect occurs: the Proxy-Authorization header is not re-evaluated for the new request, allowing a remote server to leak sensitive information. Public advisories (e.g., openSUSE-2016-98) note this CVE and indicate a securi...

5CVSS5.8AI score0.02036EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2014/10/15 2:0 p.m.36 views

CVE-2014-1830

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5.7AI score0.02036EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2014/10/15 2:0 p.m.24 views

CVE-2014-1830

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS5.9AI score0.02036EPSS
Exploits0
OSV
OSV
added 2014/10/09 2:39 p.m.5 views

MGASA-2014-0409 Updated python-requests packages fix security vulnerabilities

Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from /.netrc file through redirect requests, if the user has their passwords stored in the /.netrc file CVE-2014-1829. It was discovered th...

5CVSS9.3AI score0.022EPSS
Exploits0References4
Mageia
Mageia
added 2014/10/09 2:39 p.m.47 views

Updated python-requests packages fix security vulnerabilities

Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from /.netrc file through redirect requests, if the user has their passwords stored in the /.netrc file CVE-2014-1829. It was discovered th...

5CVSS6.2AI score0.022EPSS
Exploits0References3
OSV
OSV
added 2014/09/19 12:0 a.m.2 views

UBUNTU-CVE-2014-1830

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS7.3AI score0.02036EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/04/12 12:0 a.m.30 views

Privoxy < 3.0.21 Multiple Information Disclosure Vulnerabilities

According to its self-identified version number, the Privoxy installed on the remote host is a version prior to 3.0.21. It is, therefore, affected by multiple information disclosure vulnerabilities due to the application not properly handling Proxy-Authenticate and Proxy-Authorization headers. Th...

5.8CVSS7.5AI score0.04632EPSS
Exploits2References3
NVD
NVD
added 2013/03/11 5:55 p.m.22 views

CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

5.8CVSS7.3AI score0.04632EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2013/03/11 5:55 p.m.28 views

CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

5.8CVSS7.1AI score0.04632EPSS
Exploits2References3
Prion
Prion
added 2013/03/11 5:55 p.m.18 views

Code injection

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

5.8CVSS6.9AI score0.04632EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2013/03/11 5:0 p.m.49 views

CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 aka Proxy Authentication Required HTTP status code...

6.2AI score0.04632EPSS
Exploits2References3
NVD
NVD
added 2011/08/18 6:55 p.m.17 views

CVE-2011-2990

The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...

5CVSS5.8AI score0.00961EPSS
Exploits1References6
Prion
Prion
added 2011/08/18 6:55 p.m.21 views

Design/Logic Flaw

The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...

5CVSS6.4AI score0.00961EPSS
Exploits1References6Affected Software2
CVE
CVE
added 2011/08/18 6:0 p.m.102 views

CVE-2011-2990

The CVE-2011-2990 vulnerability affects Mozilla Firefox 4.x–5 and SeaMonkey 2.x (before 2.3) where Content Security Policy (CSP) violation reports do not strip proxy-authorization credentials from the request headers, enabling potential leakage of credentials when a CSP report is read. The issue ...

5CVSS8.9AI score0.00961EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2011/08/18 6:0 p.m.20 views

CVE-2011-2990

The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...

9.2AI score0.00961EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2011/08/17 12:0 a.m.22 views

CVE-2011-2990

The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...

5CVSS7.2AI score0.00961EPSS
Exploits1References2
Rows per page
Query Builder