CVE-2014-1830

Published: 15/10/2014 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Requests (aka python-requests) prior to 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

Vulnerable Product

opensuse opensuse 13.1

python requests

Vendor Advisories

Debian Bug report logs - #733108 python3-requests: redirect can expose netrc password Package: python3-requests; Maintainer for python3-requests is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python3-requests is src:requests (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debi ...
Requests could be made to expose authentication credentials over the network ...
Jakub Wilk discovered that in requests, an HTTP library for the Python language, authentication information was improperly handled when a redirect occurred. This would allow remote servers to obtain two different types of sensitive information: proxy passwords from the Proxy-Authorization header (CVE-2014-1830), or netrc passwords from the Authoriza ...
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request ...