Wind River Support Network

HomeDefectsLIN9-7544

Fixed

LIN9-7544 : Security Advisory - CVE-2018-18074 - python-requests

Created: Oct 14, 2018 Updated: Apr 22, 2022

Resolved Date: Oct 16, 2018

Found In Version: unknown

Fix Version: 9.0.0.18

Severity: Standard

Applicable for: Wind River Linux 9

Component/s: Userspace

Description

CVE-2018-18074    The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Other Downloads

Wind River Linux 9.0.0.18
Wind River Linux 9.0.0.19
Wind River Linux 9.0.0.20
Wind River Linux 9.0.0.21
Wind River Linux 9.0.0.22
Wind River Linux 9.0.0.23
Wind River Linux 9.0.0.24
Wind River Linux 9.0.0.25
Wind River Linux 9.0.0.26

CVEs

CVE-2018-18074