Wind River Support Network

HomeDefectsLIN8-9858

Fixed

LIN8-9858 : Security Advisory - CVE-2018-18074 - python-requests

Created: Oct 11, 2018 Updated: Apr 22, 2022

Resolved Date: Oct 21, 2018

Found In Version: 8.0.0.26

Fix Version: 8.0.0.28

Severity: Standard

Applicable for: Wind River Linux 8

Component/s: Userspace

Description

CVE-2018-18074    The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Other Downloads

Wind River Linux 8.0.0.28
Wind River Linux 8.0.0.29
Wind River Linux 8.0.0.30
Wind River Linux 8.0.0.31
Wind River Linux 8.0.0.32
Wind River Linux 8.0.0.33
Wind River Linux 8.0.0.34

CVEs

CVE-2018-18074