exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

CVE-2018-18074

Status Candidate

Overview

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Related Files

Red Hat Security Advisory 2020-3194-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3194-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-14404, CVE-2018-18074, CVE-2018-19519, CVE-2018-20060, CVE-2018-20337, CVE-2018-20852, CVE-2018-7263, CVE-2018-9251, CVE-2019-1010180, CVE-2019-1010204, CVE-2019-11236, CVE-2019-11324, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-13232, CVE-2019-13752, CVE-2019-13753, CVE-2019-14563, CVE-2019-14822, CVE-2019-1547, CVE-2019-1549, CVE-2019-1563, CVE-2019-15847, CVE-2019-16056, CVE-2019-17451
MD5 | 6d8fedd0c28b95c1f558509bebc3b400
Red Hat Security Advisory 2020-2081-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2081-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236
MD5 | 388f4d7ca7879f6e930eed7890b3b91d
Red Hat Security Advisory 2020-2068-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2068-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
MD5 | 417852390b6cb4870a493fb633f7bc3e
Red Hat Security Advisory 2020-1605-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1605-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include crlf injection, cross-host redirect, and incorrect parsing vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2018-20852, CVE-2019-11236, CVE-2019-11324, CVE-2019-16056
MD5 | b416bf199600d228314d9fbd6d7a22b4
Red Hat Security Advisory 2020-1916-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1916-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
MD5 | 2449ff849554000215bdae10931765da
Red Hat Security Advisory 2020-0850-01
Posted Mar 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0850-01 - An update for python-pip is now available for Red Hat Enterprise Linux 7. CRLF injection and credential exposure issues were addressed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
MD5 | eff1e890424eb7eb1c66344414b21dba
Red Hat Security Advisory 2020-0851-01
Posted Mar 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0851-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. CRLF injection and credential exposure issues were addressed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236
MD5 | a967bf428d06d26208a20125867398db
Red Hat Security Advisory 2019-2035-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2035-01 - The python-requests package contains a library designed to make HTTP requests easy for developers.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2018-18074
MD5 | dd56e733d030c94970c5db1aeecabc1f
Stegano 0.8.6
Posted Nov 6, 2018
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Fixed a potential security issue related to CVE-2018-18074.
tags | tool, encryption, steganography, python
systems | unix
advisories | CVE-2018-18074
MD5 | e35d90beedc1aa42060c455467799ab7
Ubuntu Security Notice USN-3790-2
Posted Oct 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3790-2 - USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-18074
MD5 | 1b19f7fc14a933f4057623fbde241997
Ubuntu Security Notice USN-3790-1
Posted Oct 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3790-1 - It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2018-18074
MD5 | 754f9259fdb45184151ad7346cb76c6b
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    15 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close