CVE-2018-18074

CVE Details

Release Date:2018-10-09

Description


The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

See more information about CVE-2018-18074 from MITRE CVE dictionary and NIST NVD


CVSS v3.0 metrics


NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score: 7.5 Base Metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Access Vector: Network Attack Complexity: Low
Privileges Required: None User Interaction: None
Scope: Unchanged Confidentiality Impact: High
Integrity Impact: None Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (python-pip)ELSA-2020-08502020-03-18
Oracle Linux version 7 (python-pip)ELSA-2020-20682020-05-19
Oracle Linux version 7 (python-requests)ELSA-2019-20352019-08-13
Oracle Linux version 7 (python-virtualenv)ELSA-2020-08512020-03-18
Oracle Linux version 7 (python-virtualenv)ELSA-2020-20812020-05-19
Oracle Linux version 8 (Cython)ELSA-2020-16052020-05-05
Oracle Linux version 8 (PyYAML)ELSA-2020-16052020-05-05
Oracle Linux version 8 (babel)ELSA-2020-16052020-05-05
Oracle Linux version 8 (numpy)ELSA-2020-16052020-05-05
Oracle Linux version 8 (pytest)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-PyMySQL)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-attrs)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-backports)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-backports-ssl_match_hostname)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-chardet)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-coverage)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-dns)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-docs)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-docutils)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-funcsigs)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-idna)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-ipaddress)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-jinja2)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-lxml)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-markupsafe)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-mock)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-nose)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-pip)ELSA-2020-19162020-05-05
Oracle Linux version 8 (python-pluggy)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-psycopg2)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-py)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-pygments)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-pymongo)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-pysocks)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-pytest-mock)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-requests)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-setuptools_scm)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-six)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-sqlalchemy)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-urllib3)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-virtualenv)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python-wheel)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python2)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python2-pip)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python2-rpm-macros)ELSA-2020-16052020-05-05
Oracle Linux version 8 (python2-setuptools)ELSA-2020-16052020-05-05
Oracle Linux version 8 (pytz)ELSA-2020-16052020-05-05
Oracle Linux version 8 (scipy)ELSA-2020-16052020-05-05



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete