exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2018-18074

Status Candidate

Overview

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Related Files

Red Hat Security Advisory 2020-4298-01
Posted Oct 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4298-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2016-10739, CVE-2018-14404, CVE-2018-14498, CVE-2018-16890, CVE-2018-18074, CVE-2018-18624, CVE-2018-18751, CVE-2018-19519, CVE-2018-20060, CVE-2018-20337, CVE-2018-20483, CVE-2018-20657, CVE-2018-20852, CVE-2018-9251, CVE-2019-1010180, CVE-2019-1010204, CVE-2019-11070, CVE-2019-11236, CVE-2019-11324, CVE-2019-11358, CVE-2019-11459, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-12450
SHA-256 | b21e4b6db18910bfdf465e20ef86844c5bb5f82b4312bf2f74efe50f227b2c78
Red Hat Security Advisory 2020-3194-01
Posted Jul 29, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3194-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-14404, CVE-2018-18074, CVE-2018-19519, CVE-2018-20060, CVE-2018-20337, CVE-2018-20852, CVE-2018-7263, CVE-2018-9251, CVE-2019-1010180, CVE-2019-1010204, CVE-2019-11236, CVE-2019-11324, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-13232, CVE-2019-13752, CVE-2019-13753, CVE-2019-14563, CVE-2019-14822, CVE-2019-1547, CVE-2019-1549, CVE-2019-1563, CVE-2019-15847, CVE-2019-16056, CVE-2019-17451
SHA-256 | ab12a5414b74ae4ec0875438bd155092413bb637cd1033a63c83f8057805a037
Red Hat Security Advisory 2020-2081-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2081-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236
SHA-256 | 53767ad5352ed20cb8ca7c3918fe2dda72fa748930d38fe6c8f1a01451dc060f
Red Hat Security Advisory 2020-2068-01
Posted May 12, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2068-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
SHA-256 | 87966f1f0dcdbef82c708d2e11bbdf46353bf73a365411cf42ea50c58ea945dd
Red Hat Security Advisory 2020-1605-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1605-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Issues addressed include crlf injection, cross-host redirect, and incorrect parsing vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2018-20852, CVE-2019-11236, CVE-2019-11324, CVE-2019-16056
SHA-256 | 3eb4d4cc738eeaf8816539a02e6c07fc0fb8726c826eb4593ecf261bf9422b6e
Red Hat Security Advisory 2020-1916-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1916-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.

tags | advisory, vulnerability, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
SHA-256 | 2be2385deefcc0b08adfe931f7bf3c65ce9469409f1802efaccb32bf26ede123
Red Hat Security Advisory 2020-0850-01
Posted Mar 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0850-01 - An update for python-pip is now available for Red Hat Enterprise Linux 7. CRLF injection and credential exposure issues were addressed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324
SHA-256 | c1674723bf5c16e5a05432dc3f9d31be0db0dce59a812facdd8e98956fcd15bf
Red Hat Security Advisory 2020-0851-01
Posted Mar 17, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0851-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. CRLF injection and credential exposure issues were addressed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2018-18074, CVE-2018-20060, CVE-2019-11236
SHA-256 | 38c01ab80cd3cc1715a3a741bfd74eb78d86995bb02d366abac9285f8009e31e
Red Hat Security Advisory 2019-2035-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2035-01 - The python-requests package contains a library designed to make HTTP requests easy for developers.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2018-18074
SHA-256 | f073165564cc7562415118a31c93d594520b92a5a805f365f6ac2d161b045b08
Stegano 0.8.6
Posted Nov 6, 2018
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Fixed a potential security issue related to CVE-2018-18074.
tags | tool, encryption, steganography, python
systems | unix
advisories | CVE-2018-18074
SHA-256 | 00c9aff3d788a3959003b738379817fa8e6213184c3d8e56f7164415d7d74dec
Ubuntu Security Notice USN-3790-2
Posted Oct 22, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3790-2 - USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, web, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-18074
SHA-256 | b74c3d0c3ad6d6d88dcee8b65b3d25e671bc7d04808ecde332091b94735a5276
Ubuntu Security Notice USN-3790-1
Posted Oct 15, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3790-1 - It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2018-18074
SHA-256 | cecd819e00cb7f029c329aa4d01dc453ff04877404e627e6205f426776f09860
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close