175 matches found
SUSE CVE-2014-1830
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
GHSA-9X8M-2XPF-CRP3 Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Impact When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are...
Exposure of Sensitive Information to an Unauthorized Actor in Requests
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
Type confusion
beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...
squid: parsing of header Proxy-Authentication leads to memory corruption
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends...
DEBIAN-CVE-2019-12525
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends...
DEBIAN-CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
BSA-2017-377
Security Advisory ID : BSA-2017-377 Component : Apache HTTPD Revision : 3.0: Final In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by...
CVE-2014-1830
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
DEBIAN-CVE-2014-1830
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
PYSEC-2014-14
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
MGASA-2014-0409 Updated python-requests packages fix security vulnerabilities
Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from /.netrc file through redirect requests, if the user has their passwords stored in the /.netrc file CVE-2014-1829. It was discovered th...
UBUNTU-CVE-2014-1830
Requests aka python-requests before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request...
DEBIAN-CVE-2011-1498
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...
Trend micro - IWSVA/IWSS - Authorization module password leak
There is possbile get username and password from "Proxy-Authorization" header, which is not correctly removed when authorization header sends WMP. Requirements: - IWSVA/IWSS basic authorization on - Client is using WMP 8-11 as video player - Standalone proxy if upstream proxy is used,...