Vulnerabilities > CVE-2018-18074 - Insufficiently Protected Credentials vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Session Sidejacking Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
- Lifting credential(s)/key material embedded in client distributions (thick or thin) An attacker examines a target application's code or configuration files to find credential or key material that has been embedded within the application or its files. Many services require authentication with their users for the various purposes including billing, access control or attribution. Some client applications store the user's authentication credentials or keys to accelerate the login process. Some clients may have built-in keys or credentials (in which case the server is authenticating with the client, rather than the user). If the attacker is able to locate where this information is stored, they may be able to retrieve these credentials. The attacker could then use these stolen credentials to impersonate the user or client, respectively, in interactions with the service or use stolen keys to eavesdrop on nominally secure communications between the client and server.
- Password Recovery Exploitation An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.
Nessus
NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1334.NASL description A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user last seen 2020-06-01 modified 2020-06-02 plugin id 130230 published 2019-10-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130230 title Amazon Linux 2 : python-requests (ALAS-2019-1334) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1947.NASL description According to the version of the python-requests package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user last seen 2020-06-01 modified 2020-06-02 plugin id 128950 published 2019-09-17 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128950 title EulerOS Virtualization for ARM 64 3.0.2.0 : python-requests (EulerOS-SA-2019-1947) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0851.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-04-23 modified 2020-03-18 plugin id 134676 published 2020-03-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134676 title RHEL 7 : python-virtualenv (RHSA-2020:0851) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3790-1.NASL description It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118142 published 2018-10-16 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118142 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : requests vulnerability (USN-3790-1) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0230_PYTHON-REQUESTS.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-requests packages installed that are affected by a vulnerability: - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. (CVE-2018-18074) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132462 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132462 title NewStart CGSL CORE 5.05 / MAIN 5.05 : python-requests Vulnerability (NS-SA-2019-0230) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0555-1.NASL description This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the following issues : python-cfn-lint was included as a new package in 0.21.4. python-aws-sam-translator was updated to 1.11.0 : - Add ReservedConcurrentExecutions to globals - Fix ElasticsearchHttpPostPolicy resource reference - Support using AWS::Region in Ref and Sub - Documentation and examples updates - Add VersionDescription property to Serverless::Function - Update ServerlessRepoReadWriteAccessPolicy - Add additional template validation Upgrade to 1.10.0 : - Add GSIs to DynamoDBReadPolicy and DynamoDBCrudPolicy - Add DynamoDBReconfigurePolicy - Add CostExplorerReadOnlyPolicy and OrganizationsListAccountsPolicy - Add EKSDescribePolicy - Add SESBulkTemplatedCrudPolicy - Add FilterLogEventsPolicy - Add SSMParameterReadPolicy - Add SESEmailTemplateCrudPolicy - Add s3:PutObjectAcl to S3CrudPolicy - Add allow_credentials CORS option - Add support for AccessLogSetting and CanarySetting Serverless::Api properties - Add support for X-Ray in Serverless::Api - Add support for MinimumCompressionSize in Serverless::Api - Add Auth to Serverless::Api globals - Remove trailing slashes from APIGW permissions - Add SNS FilterPolicy and an example application - Add Enabled property to Serverless::Function event sources - Add support for PermissionsBoundary in Serverless::Function - Fix boto3 client initialization - Add PublicAccessBlockConfiguration property to S3 bucket resource - Make PAY_PER_REQUEST default mode for Serverless::SimpleTable - Add limited support for resolving intrinsics in Serverless::LayerVersion - SAM now uses Flake8 - Add example application for S3 Events written in Go - Updated several example applications Initial build + Version 1.9.0 Add patch to drop compatible releases operator from setup.py, required for SLES12 as the setuptools version is too old + ast_drop-compatible-releases-operator.patch python-jsonschema was updated to 2.6.0: Improved performance on CPython by adding caching around ref resolution Update to version 2.5.0: Improved performance on CPython by adding caching around ref resolution (#203) Update to version 2.4.0: Added a CLI (#134) Added absolute path and absolute schema path to errors (#120) Added ``relevance`` Meta-schemas are now loaded via ``pkgutil`` Added ``by_relevance`` and ``best_match`` (#91) Fixed ``format`` to allow adding formats for non-strings (#125) Fixed the ``uri`` format to reject URI references (#131) Install /usr/bin/jsonschema with update-alternatives support python-nose2 was updated to 0.9.1: the prof plugin now uses cProfile instead of hotshot for profiling skipped tests now include the user last seen 2020-03-18 modified 2020-03-06 plugin id 134285 published 2020-03-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134285 title SUSE SLES12 Security Update : python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (SUSE-SU-2020:0555-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1429.NASL description According to the version of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.(CVE-2018-18074) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2020-04-15 plugin id 135558 published 2020-04-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135558 title EulerOS 2.0 SP3 : python-requests (EulerOS-SA-2020-1429) NASL family Fedora Local Security Checks NASL id FEDORA_2018-52262A02BE.NASL description - Update to v2.20.0 - Includes fix for CVE-2018-18074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120425 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120425 title Fedora 29 : python-requests (2018-52262a02be) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1605.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1605 advisory. - The fix leads to a regression (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python: Cookie domain check returns incorrect results (CVE-2018-20852) - python-urllib3: CRLF injection due to not encoding the last seen 2020-05-21 modified 2020-04-28 plugin id 136044 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136044 title RHEL 8 : python27:2.7 (RHSA-2020:1605) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_50AD9A9A1E2811E998D70050562A4D7B.NASL description The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. last seen 2020-03-18 modified 2019-01-23 plugin id 121324 published 2019-01-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121324 title FreeBSD : www/py-requests -- Information disclosure vulnerability (50ad9a9a-1e28-11e9-98d7-0050562a4d7b) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2035.NASL description An update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fix(es) : * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128335 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128335 title CentOS 7 : python-requests (CESA-2019:2035) NASL family Fedora Local Security Checks NASL id FEDORA_2018-9324E844D9.NASL description - Update to v2.20.0 - Includes fix for CVE-2018-18074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120622 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120622 title Fedora 28 : python-requests (2018-9324e844d9) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1916.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1916 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-05-03 modified 2020-04-29 plugin id 136112 published 2020-04-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136112 title RHEL 8 : python-pip (RHSA-2020:1916) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2035.NASL description An update for python-requests is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The python-requests package contains a library designed to make HTTP requests easy for developers. Security Fix(es) : * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127653 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127653 title RHEL 7 : python-requests (RHSA-2019:2035) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1027.NASL description According to the version of the python-requests packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.(CVE-2018-18074) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2020-01-02 plugin id 132620 published 2020-01-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132620 title EulerOS 2.0 SP8 : python-requests (EulerOS-SA-2020-1027) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0850.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-04-23 modified 2020-03-23 plugin id 134826 published 2020-03-23 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134826 title RHEL 7 : python-pip (RHSA-2020:0850) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0009_PYTHON.NASL description An update of the python package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126379 published 2019-07-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126379 title Photon OS 3.0: Python PHSA-2019-3.0-0009 NASL family Scientific Linux Local Security Checks NASL id SL_20190806_PYTHON_REQUESTS_ON_SL7_X.NASL description Security Fix(es) : - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) last seen 2020-03-18 modified 2019-08-27 plugin id 128255 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128255 title Scientific Linux Security Update : python-requests on SL7.x x86_64 (20190806) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-0851.NASL description From Red Hat Security Advisory 2020:0851 : The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-06-06 modified 2020-03-19 plugin id 134689 published 2020-03-19 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134689 title Oracle Linux 7 : python-virtualenv (ELSA-2020-0851) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2068.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2068 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-05-15 modified 2020-05-12 plugin id 136519 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136519 title RHEL 7 : python-pip (RHSA-2020:2068) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-0851.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0851 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-06-06 modified 2020-03-26 plugin id 134904 published 2020-03-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134904 title CentOS 7 : python-virtualenv (CESA-2020:0851) NASL family Scientific Linux Local Security Checks NASL id SL_20200512_PYTHON_PIP_ON_SL7_X.NASL description Security Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-06-06 modified 2020-06-02 plugin id 137038 published 2020-06-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137038 title Scientific Linux Security Update : python-pip on SL7.x (noarch) (20200512) NASL family Scientific Linux Local Security Checks NASL id SL_20200317_PYTHON_PIP_ON_SL7_X.NASL description Security Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-03-21 modified 2020-03-18 plugin id 134649 published 2020-03-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134649 title Scientific Linux Security Update : python-pip on SL7.x (noarch) (20200317) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0189_PYTHON-REQUESTS.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-requests packages installed that are affected by a vulnerability: - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. (CVE-2018-18074) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 129889 published 2019-10-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129889 title NewStart CGSL CORE 5.04 / MAIN 5.04 : python-requests Vulnerability (NS-SA-2019-0189) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1043.NASL description According to the version of the python-requests package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.(CVE-2018-18074) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132797 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132797 title EulerOS Virtualization for ARM 64 3.0.5.0 : python-requests (EulerOS-SA-2020-1043) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1754.NASL description This update for python-requests to version 2.20.1 fixes the following issues : Security issue fixed : - CVE-2018-18074: Fixed an information disclosure vulnerability of the HTTP Authorization header (bsc#1111622). This update was imported from the SUSE:SLE-15-SP1:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 126895 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126895 title openSUSE Security Update : python-requests (openSUSE-2019-1754) NASL family Fedora Local Security Checks NASL id FEDORA_2018-41320B315A.NASL description - Update to v2.20.0 - Includes fix for CVE-2018-18074 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-11-14 plugin id 118940 published 2018-11-14 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118940 title Fedora 27 : python-requests (2018-41320b315a) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-0850.NASL description From Red Hat Security Advisory 2020:0850 : The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-06-06 modified 2020-03-19 plugin id 134688 published 2020-03-19 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134688 title Oracle Linux 7 : python-pip (ELSA-2020-0850) NASL family Scientific Linux Local Security Checks NASL id SL_20200317_PYTHON_VIRTUALENV_ON_SL7_X.NASL description Security Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-03-21 modified 2020-03-18 plugin id 134650 published 2020-03-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134650 title Scientific Linux Security Update : python-virtualenv on SL7.x (noarch) (20200317) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1886.NASL description According to the version of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-16 plugin id 128809 published 2019-09-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128809 title EulerOS 2.0 SP5 : python-requests (EulerOS-SA-2019-1886) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3790-2.NASL description USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 Original advisory details : It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 118323 published 2018-10-23 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118323 title Ubuntu 18.10 : requests vulnerability (USN-3790-2) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2081.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2081 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-05-15 modified 2020-05-12 plugin id 136517 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136517 title RHEL 7 : python-virtualenv (RHSA-2020:2081) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-0850.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0850 advisory. - python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-06-06 modified 2020-03-26 plugin id 134903 published 2020-03-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134903 title CentOS 7 : python-pip (CESA-2020:0850) NASL family Scientific Linux Local Security Checks NASL id SL_20200512_PYTHON_VIRTUALENV_ON_SL7_X.NASL description Security Fix(es) : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) - python-urllib3: CRLF injection due to not encoding the last seen 2020-06-06 modified 2020-06-02 plugin id 137039 published 2020-06-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137039 title Scientific Linux Security Update : python-virtualenv on SL7.x (noarch) (20200512) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2020-1413.NASL description urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. (CVE-2018-20060) In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. (CVE-2019-11236) A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user last seen 2020-04-30 modified 2020-04-24 plugin id 135931 published 2020-04-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135931 title Amazon Linux 2 : python-virtualenv (ALAS-2020-1413)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://docs.python-requests.org/en/master/community/updates/#release-and-version-history
- http://docs.python-requests.org/en/master/community/updates/#release-and-version-history
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html
- https://access.redhat.com/errata/RHSA-2019:2035
- https://access.redhat.com/errata/RHSA-2019:2035
- https://bugs.debian.org/910766
- https://bugs.debian.org/910766
- https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
- https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
- https://github.com/requests/requests/issues/4716
- https://github.com/requests/requests/issues/4716
- https://github.com/requests/requests/pull/4718
- https://github.com/requests/requests/pull/4718
- https://usn.ubuntu.com/3790-1/
- https://usn.ubuntu.com/3790-1/
- https://usn.ubuntu.com/3790-2/
- https://usn.ubuntu.com/3790-2/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html