CVE-2018-18074 vulnerability in Canonical and Other Products
Published on October 9, 2018

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-18074

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-18074 are published in these products:

Canonical Ubuntu Linux

Python Requests

OpenSuse Leap

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Workstation

Exploit Probability

EPSS

0.17%

Percentile

38.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-18074 vulnerability in Canonical and Other ProductsPublished on October 9, 2018

Products Associated with CVE-2018-18074

Exploit Probability

CVE-2018-18074 vulnerability in Canonical and Other Products
Published on October 9, 2018