Lucene search
K

175 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.3 views

SUSE CVE-2014-1830

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS6.6AI score0.02036EPSS
Exploits0References11
OSV
OSV
added 2022/07/29 10:26 p.m.1 views

GHSA-9X8M-2XPF-CRP3 Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another

Impact When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are...

5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/14 2:9 a.m.25 views

Exposure of Sensitive Information to an Unauthorized Actor in Requests

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS5.9AI score0.02036EPSS
Exploits0References11Affected Software1
Prion
Prion
added 2021/01/11 5:15 a.m.15 views

Type confusion

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...

5CVSS7.5AI score0.01673EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2020/05/06 1:53 p.m.6 views

squid: parsing of header Proxy-Authentication leads to memory corruption

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends...

9.8CVSS5.8AI score0.24401EPSS
Exploits0References5
OSV
OSV
added 2019/07/11 7:15 p.m.3 views

DEBIAN-CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends...

9.8CVSS6.5AI score0.24401EPSS
Exploits0References1
OSV
OSV
added 2019/07/11 7:15 p.m.1 views

DEBIAN-CVE-2019-12529

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...

5.9CVSS6.9AI score0.08092EPSS
Exploits0References1
Broadcom
Broadcom
added 2017/08/25 12:0 a.m.7 views

BSA-2017-377

Security Advisory ID : BSA-2017-377 Component : Apache HTTPD Revision : 3.0: Final In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by...

9.1CVSS9.4AI score0.5677EPSS
Exploits0
NVD
NVD
added 2014/10/15 2:55 p.m.24 views

CVE-2014-1830

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS5.9AI score0.02036EPSS
Exploits0References6
OSV
OSV
added 2014/10/15 2:55 p.m.1 views

DEBIAN-CVE-2014-1830

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS8.8AI score0.02036EPSS
Exploits0References1
PyPA
PyPA
added 2014/10/15 2:55 p.m.6 views

PYSEC-2014-14

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS6.6AI score0.02036EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2014/10/09 2:39 p.m.6 views

MGASA-2014-0409 Updated python-requests packages fix security vulnerabilities

Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from /.netrc file through redirect requests, if the user has their passwords stored in the /.netrc file CVE-2014-1829. It was discovered th...

5CVSS9.3AI score0.022EPSS
Exploits0References4
OSV
OSV
added 2014/09/19 12:0 a.m.4 views

UBUNTU-CVE-2014-1830

Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...

5CVSS7.3AI score0.02036EPSS
Exploits0References5
OSV
OSV
added 2011/07/07 9:55 p.m.1 views

DEBIAN-CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

4.3CVSS9AI score0.06685EPSS
Exploits0References1
securityvulns
securityvulns
added 2009/02/10 12:0 a.m.77 views

Trend micro - IWSVA/IWSS - Authorization module password leak

There is possbile get username and password from "Proxy-Authorization" header, which is not correctly removed when authorization header sends WMP. Requirements: - IWSVA/IWSS basic authorization on - Client is using WMP 8-11 as video player - Standalone proxy if upstream proxy is used,...

0.2AI score
Exploits0
Rows per page
Query Builder