{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-22T17:57:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3790-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3790-1/"}, {"name": "USN-3790-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3790-2/"}, {"name": "openSUSE-SU-2019:1754", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"}, {"name": "RHSA-2019:2035", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2035"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/910766"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/requests/requests/issues/4716"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/requests/requests/pull/4718"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18074", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3790-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3790-1/"}, {"name": "USN-3790-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3790-2/"}, {"name": "openSUSE-SU-2019:1754", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"}, {"name": "RHSA-2019:2035", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2035"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"name": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history", "refsource": "CONFIRM", "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"}, {"name": "https://bugs.debian.org/910766", "refsource": "MISC", "url": "https://bugs.debian.org/910766"}, {"name": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff", "refsource": "MISC", "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"}, {"name": "https://github.com/requests/requests/issues/4716", "refsource": "MISC", "url": "https://github.com/requests/requests/issues/4716"}, {"name": "https://github.com/requests/requests/pull/4718", "refsource": "MISC", "url": "https://github.com/requests/requests/pull/4718"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:01:14.951Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3790-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3790-1/"}, {"name": "USN-3790-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3790-2/"}, {"name": "openSUSE-SU-2019:1754", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"}, {"name": "RHSA-2019:2035", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2035"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/910766"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/requests/requests/issues/4716"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/requests/requests/pull/4718"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18074", "datePublished": "2018-10-09T15:00:00", "dateReserved": "2018-10-09T00:00:00", "dateUpdated": "2024-08-05T11:01:14.951Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:requests:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CFBA4E8-EE3D-413C-8175-43F7E42960CA", "versionEndExcluding": "2.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network."}, {"lang": "es", "value": "El paquete Requests antes de la versi\u00f3n 2.20.0 para Python env\u00eda una cabecera de autorizaci\u00f3n HTTP a un URI http al recibir una redirecci\u00f3n same-hostname https-to-http, lo que facilita que los atacantes remotos descibran las credenciales esnifando la red."}], "id": "CVE-2018-18074", "lastModified": "2022-07-25T18:15:14.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-09T17:29:01.897", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "http://docs.python-requests.org/en/master/community/updates/#release-and-version-history"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2035"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.debian.org/910766"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/requests/requests/issues/4716"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/requests/requests/pull/4718"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3790-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3790-2/"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2020:1539", "cpe": "cpe:/a:redhat:ansible_tower:3.5::el7", "package": "ansible-tower-35/ansible-tower:3.5.6-1", "product_name": "Red Hat Ansible Tower 3.5 for RHEL 7", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHBA-2020:1540", "cpe": "cpe:/a:redhat:ansible_tower:3.6::el7", "package": "ansible-tower-36/ansible-tower:3.6.4-1", "product_name": "Red Hat Ansible Tower 3.6 for RHEL 7", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2019:2035", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python-requests-0:2.6.0-5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:0850", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python-pip-0:9.0.3-7.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0851", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python-virtualenv-0:15.1.0-4.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:2068", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python-pip-0:9.0.3-7.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-05-12T00:00:00Z"}, {"advisory": "RHSA-2020:2081", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "python-virtualenv-0:15.1.0-4.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-05-12T00:00:00Z"}, {"advisory": "RHSA-2020:1605", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python27:2.7-8020020200117110429.90f98d4f", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1916", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python-pip-0:9.0.3-16.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}, {"advisory": "RHSA-2020:1916", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "python-pip-0:9.0.3-16.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-04-28T00:00:00Z"}], "bugzilla": {"description": "python-requests: Redirect from HTTPS to HTTP does not remove Authorization header", "id": "1643829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643829"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.6", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-522", "details": ["The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.", "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials."], "name": "CVE-2018-18074", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "python-requests", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "python36:3.6/python-virtualenv", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python-requests", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Affected", "package_name": "python-requests", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "python-requests", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Affected", "package_name": "python-requests", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Will not fix", "package_name": "python-requests", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:14", "fix_state": "Affected", "package_name": "python-requests", "product_name": "Red Hat OpenStack Platform 14 (Rocky)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "python-requests", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "python-requests", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "python27-python-pip", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "python27-python-virtualenv", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-mongodb36-python-requests", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python36-python-pip", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-python36-python-virtualenv", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "python-requests", "product_name": "Red Hat Storage 3"}], "public_date": "2018-06-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-18074\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18074"], "threat_severity": "Low", "upstream_fix": "python-requests 2.20.0"}