Download
| Alert*
oval:org.secpod.oval:def:601814
python-requests is installed oval:org.secpod.oval:def:601941 Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occured. This would allow remote servers to obtain two different types of sensitive information: proxy passwords from the Proxy-Authorization header , or ... oval:org.secpod.oval:def:52326 requests: elegant and simple HTTP library for Python Requests could be made to expose authentication credentials over the network. oval:org.secpod.oval:def:52423 requests: elegant and simple HTTP library for Python Requests could be made to expose cookies over the network. oval:org.secpod.oval:def:702260 requests: elegant and simple HTTP library for Python Requests could be made to expose authentication credentials over the network. oval:org.secpod.oval:def:702452 requests: elegant and simple HTTP library for Python Requests could be made to expose cookies over the network. oval:org.secpod.oval:def:51144 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:704366 requests: elegant and simple HTTP library for Python Details: USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:704348 requests: elegant and simple HTTP library for Python Requests could be made to expose sensitive information if it received a specially crafted HTTP header. oval:org.secpod.oval:def:2000311 The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. |