This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Python First view 2014-10-15
Product Requests Last view 2018-10-09
Version 2.1.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:python:requests

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2018-10-09 CVE-2018-18074

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

6.8 2015-03-18 CVE-2015-2296

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

5 2014-10-15 CVE-2014-1830

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

5 2014-10-15 CVE-2014-1829

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

CWE : Common Weakness Enumeration

%idName
66% (2) CWE-200 Information Exposure
33% (1) CWE-522 Insufficiently Protected Credentials

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-52262a02be.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9324e844d9.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: The remote Fedora host is missing a security update.
File: fedora_2018-41320b315a.nasl - Type: ACT_GATHER_INFO
2016-01-27 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-98.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-541.nasl - Type: ACT_GATHER_INFO
2015-04-20 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-512.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2015-4084.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-133.nasl - Type: ACT_GATHER_INFO
2015-03-17 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2531-1.nasl - Type: ACT_GATHER_INFO
2015-02-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3146.nasl - Type: ACT_GATHER_INFO
2014-10-15 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2382-1.nasl - Type: ACT_GATHER_INFO