Vulnerabilities > CVE-2018-18074 - Insufficiently Protected Credentials vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
python
canonical
opensuse
redhat
CWE-522
nessus
NVD
Published: 2018-10-09
Updated: 2022-07-25

Summary

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Vulnerable Configurations

Part Description Count
Application
Python
136
OS
Canonical
4
OS
Opensuse
1
OS
Redhat
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Sidejacking
    Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
  • Lifting credential(s)/key material embedded in client distributions (thick or thin)
    An attacker examines a target application's code or configuration files to find credential or key material that has been embedded within the application or its files. Many services require authentication with their users for the various purposes including billing, access control or attribution. Some client applications store the user's authentication credentials or keys to accelerate the login process. Some clients may have built-in keys or credentials (in which case the server is authenticating with the client, rather than the user). If the attacker is able to locate where this information is stored, they may be able to retrieve these credentials. The attacker could then use these stolen credentials to impersonate the user or client, respectively, in interactions with the service or use stolen keys to eavesdrop on nominally secure communications between the client and server.
  • Password Recovery Exploitation
    An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1334.NASL
    descriptionA credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user
    last seen2020-06-01
    modified2020-06-02
    plugin id130230
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130230
    titleAmazon Linux 2 : python-requests (ALAS-2019-1334)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1947.NASL
    descriptionAccording to the version of the python-requests package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user
    last seen2020-06-01
    modified2020-06-02
    plugin id128950
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128950
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : python-requests (EulerOS-SA-2019-1947)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0851.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-04-23
    modified2020-03-18
    plugin id134676
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134676
    titleRHEL 7 : python-virtualenv (RHSA-2020:0851)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3790-1.NASL
    descriptionIt was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118142
    published2018-10-16
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118142
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : requests vulnerability (USN-3790-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0230_PYTHON-REQUESTS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-requests packages installed that are affected by a vulnerability: - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. (CVE-2018-18074) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132462
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132462
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : python-requests Vulnerability (NS-SA-2019-0230)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0555-1.NASL
    descriptionThis update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues : python-cfn-lint was included as a new package in 0.21.4. python-aws-sam-translator was updated to 1.11.0 : - Add ReservedConcurrentExecutions to globals - Fix ElasticsearchHttpPostPolicy resource reference - Support using AWS::Region in Ref and Sub - Documentation and examples updates - Add VersionDescription property to Serverless::Function - Update ServerlessRepoReadWriteAccessPolicy - Add additional template validation Upgrade to 1.10.0 : - Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy - Add DynamoDBReconfigurePolicy - Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy - Add EKSDescribePolicy - Add SESBulkTemplatedCrudPolicy - Add FilterLogEventsPolicy - Add SSMParameterReadPolicy - Add SESEmailTemplateCrudPolicy - Add s3:PutObjectAcl to S3CrudPolicy - Add allow_credentials CORS option - Add support for AccessLogSetting and CanarySetting Serverless::Api properties - Add support for X-Ray in Serverless::Api - Add support for MinimumCompressionSize in Serverless::Api - Add Auth to Serverless::Api globals - Remove trailing slashes from APIGW permissions - Add SNS FilterPolicy and an example application - Add Enabled property to Serverless::Function event sources - Add support for PermissionsBoundary in Serverless::Function - Fix boto3 client initialization - Add PublicAccessBlockConfiguration property to S3 bucket resource - Make PAY_PER_REQUEST default mode for Serverless::SimpleTable - Add limited support for resolving intrinsics in Serverless::LayerVersion - SAM now uses Flake8 - Add example application for S3 Events written in Go - Updated several example applications Initial build + Version 1.9.0 Add patch to drop compatible releases operator from setup.py, required for SLES12 as the setuptools version is too old + ast_drop-compatible-releases-operator.patch python-jsonschema was updated to 2.6.0: Improved performance on CPython by adding caching around ref resolution Update to version 2.5.0: Improved performance on CPython by adding caching around ref resolution (#203) Update to version 2.4.0: Added a CLI (#134) Added absolute path and absolute schema path to errors (#120) Added ``relevance`` Meta-schemas are now loaded via ``pkgutil`` Added ``by_relevance`` and ``best_match`` (#91) Fixed ``format`` to allow adding formats for non-strings (#125) Fixed the ``uri`` format to reject URI references (#131) Install /usr/bin/jsonschema with update-alternatives support python-nose2 was updated to 0.9.1: the prof plugin now uses cProfile instead of hotshot for profiling skipped tests now include the user
    last seen2020-03-18
    modified2020-03-06
    plugin id134285
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134285
    titleSUSE SLES12 Security Update : python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (SUSE-SU-2020:0555-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1429.NASL
    descriptionAccording to the version of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.(CVE-2018-18074) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-04-15
    plugin id135558
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135558
    titleEulerOS 2.0 SP3 : python-requests (EulerOS-SA-2020-1429)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-52262A02BE.NASL
    description - Update to v2.20.0 - Includes fix for CVE-2018-18074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120425
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120425
    titleFedora 29 : python-requests (2018-52262a02be)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1605.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1605 advisory. - The fix leads to a regression (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python: Cookie domain check returns incorrect results (CVE-2018-20852) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-21
    modified2020-04-28
    plugin id136044
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136044
    titleRHEL 8 : python27:2.7 (RHSA-2020:1605)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_50AD9A9A1E2811E998D70050562A4D7B.NASL
    descriptionThe Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
    last seen2020-03-18
    modified2019-01-23
    plugin id121324
    published2019-01-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121324
    titleFreeBSD : www/py-requests -- Information disclosure vulnerability (50ad9a9a-1e28-11e9-98d7-0050562a4d7b)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2035.NASL
    descriptionAn update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fix(es) : * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128335
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128335
    titleCentOS 7 : python-requests (CESA-2019:2035)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-9324E844D9.NASL
    description - Update to v2.20.0 - Includes fix for CVE-2018-18074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120622
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120622
    titleFedora 28 : python-requests (2018-9324e844d9)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1916.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1916 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-03
    modified2020-04-29
    plugin id136112
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136112
    titleRHEL 8 : python-pip (RHSA-2020:1916)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2035.NASL
    descriptionAn update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fix(es) : * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127653
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127653
    titleRHEL 7 : python-requests (RHSA-2019:2035)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1027.NASL
    descriptionAccording to the version of the python-requests packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.(CVE-2018-18074) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-01-02
    plugin id132620
    published2020-01-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132620
    titleEulerOS 2.0 SP8 : python-requests (EulerOS-SA-2020-1027)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0850.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-04-23
    modified2020-03-23
    plugin id134826
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134826
    titleRHEL 7 : python-pip (RHSA-2020:0850)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0009_PYTHON.NASL
    descriptionAn update of the python package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126379
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126379
    titlePhoton OS 3.0: Python PHSA-2019-3.0-0009
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_PYTHON_REQUESTS_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)
    last seen2020-03-18
    modified2019-08-27
    plugin id128255
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128255
    titleScientific Linux Security Update : python-requests on SL7.x x86_64 (20190806)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0851.NASL
    descriptionFrom Red Hat Security Advisory 2020:0851 : The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-03-19
    plugin id134689
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134689
    titleOracle Linux 7 : python-virtualenv (ELSA-2020-0851)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2068.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2068 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-15
    modified2020-05-12
    plugin id136519
    published2020-05-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136519
    titleRHEL 7 : python-pip (RHSA-2020:2068)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0851.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-03-26
    plugin id134904
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134904
    titleCentOS 7 : python-virtualenv (CESA-2020:0851)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200512_PYTHON_PIP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-06-02
    plugin id137038
    published2020-06-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137038
    titleScientific Linux Security Update : python-pip on SL7.x (noarch) (20200512)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200317_PYTHON_PIP_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-03-21
    modified2020-03-18
    plugin id134649
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134649
    titleScientific Linux Security Update : python-pip on SL7.x (noarch) (20200317)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0189_PYTHON-REQUESTS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-requests packages installed that are affected by a vulnerability: - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. (CVE-2018-18074) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129889
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129889
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : python-requests Vulnerability (NS-SA-2019-0189)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1043.NASL
    descriptionAccording to the version of the python-requests package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.(CVE-2018-18074) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132797
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132797
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : python-requests (EulerOS-SA-2020-1043)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1754.NASL
    descriptionThis update for python-requests to version 2.20.1 fixes the following issues : Security issue fixed : - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622). This update was imported from the SUSE:SLE-15-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126895
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126895
    titleopenSUSE Security Update : python-requests (openSUSE-2019-1754)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-41320B315A.NASL
    description - Update to v2.20.0 - Includes fix for CVE-2018-18074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-11-14
    plugin id118940
    published2018-11-14
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118940
    titleFedora 27 : python-requests (2018-41320b315a)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0850.NASL
    descriptionFrom Red Hat Security Advisory 2020:0850 : The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-03-19
    plugin id134688
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134688
    titleOracle Linux 7 : python-pip (ELSA-2020-0850)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200317_PYTHON_VIRTUALENV_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-03-21
    modified2020-03-18
    plugin id134650
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134650
    titleScientific Linux Security Update : python-virtualenv on SL7.x (noarch) (20200317)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1886.NASL
    descriptionAccording to the version of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-16
    plugin id128809
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128809
    titleEulerOS 2.0 SP5 : python-requests (EulerOS-SA-2019-1886)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3790-2.NASL
    descriptionUSN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory details : It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118323
    published2018-10-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118323
    titleUbuntu 18.10 : requests vulnerability (USN-3790-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2081.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2081 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-15
    modified2020-05-12
    plugin id136517
    published2020-05-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136517
    titleRHEL 7 : python-virtualenv (RHSA-2020:2081)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0850.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-03-26
    plugin id134903
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134903
    titleCentOS 7 : python-pip (CESA-2020:0850)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200512_PYTHON_VIRTUALENV_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the
    last seen2020-06-06
    modified2020-06-02
    plugin id137039
    published2020-06-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137039
    titleScientific Linux Security Update : python-virtualenv on SL7.x (noarch) (20200512)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1413.NASL
    descriptionurllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060) In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236) A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user
    last seen2020-04-30
    modified2020-04-24
    plugin id135931
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135931
    titleAmazon Linux 2 : python-virtualenv (ALAS-2020-1413)

Redhat

advisories
bugzilla
id1643829
titleCVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does not remove Authorization header
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • commentpython-requests is earlier than 0:2.6.0-5.el7
      ovaloval:com.redhat.rhsa:tst:20192035001
    • commentpython-requests is signed with Red Hat redhatrelease2 key
      ovaloval:com.redhat.rhsa:tst:20192035002
rhsa
idRHSA-2019:2035
released2019-08-06
severityLow
titleRHSA-2019:2035: python-requests security update (Low)
rpms
  • python-requests-0:2.6.0-5.el7
  • python3-pip-0:9.0.3-7.el7_7
  • python-virtualenv-0:15.1.0-4.el7_7
  • Cython-debugsource-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • PyYAML-debugsource-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • numpy-debugsource-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python-coverage-debugsource-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python-lxml-debugsource-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python-nose-docs-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debugsource-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-doc-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-pymongo-debugsource-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-sqlalchemy-doc-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-Cython-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-Cython-debuginfo-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-PyMySQL-0:0.8.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-attrs-0:17.4.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • python2-backports-0:1.0-15.module+el8.1.0+3111+de3f2d8e
  • python2-backports-ssl_match_hostname-0:3.5.0.1-11.module+el8.1.0+3111+de3f2d8e
  • python2-bson-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-bson-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-chardet-0:3.0.4-10.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-debuginfo-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-debug-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-debuginfo-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-debugsource-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-devel-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-dns-0:1.15.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-docs-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docs-info-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docutils-0:0.14-12.module+el8.1.0+3111+de3f2d8e
  • python2-funcsigs-0:1.0.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-idna-0:2.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-ipaddress-0:1.0.18-6.module+el8.1.0+3111+de3f2d8e
  • python2-jinja2-0:2.10-8.module+el8.1.0+3111+de3f2d8e
  • python2-libs-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-lxml-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-lxml-debuginfo-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-markupsafe-0:0.23-19.module+el8.1.0+3111+de3f2d8e
  • python2-mock-0:2.0.0-13.module+el8.1.0+3111+de3f2d8e
  • python2-nose-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python2-numpy-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-debuginfo-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-doc-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-f2py-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-pip-0:9.0.3-16.module+el8.2.0+5478+b505947e
  • python2-pip-wheel-0:9.0.3-16.module+el8.2.0+5478+b505947e
  • python2-pluggy-0:0.6.0-8.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-tests-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-py-0:1.5.3-6.module+el8.1.0+3111+de3f2d8e
  • python2-pygments-0:2.2.0-20.module+el8.1.0+3111+de3f2d8e
  • python2-pymongo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-gridfs-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pysocks-0:1.6.8-6.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-0:3.4.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-mock-0:1.9.0-4.module+el8.1.0+3111+de3f2d8e
  • python2-pytz-0:2017.2-12.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-debuginfo-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-requests-0:2.20.0-3.module+el8.2.0+4577+feefd9b8
  • python2-rpm-macros-0:3-38.module+el8.1.0+3111+de3f2d8e
  • python2-scipy-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-scipy-debuginfo-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-setuptools-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools-wheel-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools_scm-0:1.15.7-6.module+el8.1.0+3111+de3f2d8e
  • python2-six-0:1.11.0-5.module+el8.1.0+3111+de3f2d8e
  • python2-sqlalchemy-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-test-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-tkinter-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-tools-0:2.7.17-1.module+el8.2.0+4561+f4e0d66a
  • python2-urllib3-0:1.24.2-1.module+el8.1.0+3280+19512f10
  • python2-virtualenv-0:15.1.0-19.module+el8.1.0+3507+d69c168d
  • python2-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • python2-wheel-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • scipy-debugsource-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • platform-python-pip-0:9.0.3-16.el8
  • python3-pip-0:9.0.3-16.el8
  • python3-pip-wheel-0:9.0.3-16.el8
  • python3-pip-0:9.0.3-7.el7_8
  • python-virtualenv-0:15.1.0-4.el7_8

References