Mandriva Linux Security Advisory : python-requests (MDVSA-2015:133)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Updated python-requests packages fix security vulnerabilities :

Python-requests was found to have a vulnerability where an attacker
can retrieve passwords from the ~/.netrc file through redirect
requests, if the user has their passwords stored in the ~/.netrc file

It was discovered that the python-requests Proxy-Authorization header
was never re-evaluated when a redirect occurred. The Proxy-Authorization
header was sent on unchanged to whatever new proxy or non-proxy
destination the request was redirected to (CVE-2014-1830).
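
Both redirect issues above come down to credential headers being copied unchanged onto the follow-up request. The sketch below is an added example, not python-requests' own code or its patch: it shows the header handling a client needs at each redirect hop, and `rebuild_headers_for_redirect`, `proxy_auth_for` and the sample hosts are names assumed here.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)

def drop_header(headers, name):
    """Delete a header whatever its capitalisation (names are case-insensitive)."""
    for key in [k for k in headers if k.lower() == name.lower()]:
        del headers[key]

def rebuild_headers_for_redirect(headers, old_url, new_url, proxy_auth_for=None):
    """Return a copy of `headers` that is safe to send to `new_url`.

    proxy_auth_for: hypothetical callback (an assumption of this example)
    mapping a URL to the Proxy-Authorization value of the proxy that will
    carry it, or None for a direct connection.
    """
    out = dict(headers)
    # Authorization may have come from ~/.netrc for the *original* host;
    # keep it only when the redirect stays on the same origin.
    if origin(old_url) != origin(new_url):
        drop_header(out, "Authorization")
    # Proxy-Authorization is never inherited: drop it, then re-evaluate it
    # for whichever proxy (if any) serves the new URL.
    drop_header(out, "Proxy-Authorization")
    value = proxy_auth_for(new_url) if proxy_auth_for else None
    if value:
        out["Proxy-Authorization"] = value
    return out

if __name__ == "__main__":
    # Constructed sample request headers and hosts.
    sent = {"Authorization": "Basic dXNlcjpwYXNz",
            "Proxy-Authorization": "Basic cHJveHk6cHc=",
            "Accept": "*/*"}
    for target in ("https://api.example.com/v2", "http://other.example.net/"):
        print(target, rebuild_headers_for_redirect(sent, "https://api.example.com/v1", target))
```

Comparing the full origin is a deliberately strict choice for this example: a redirect that changes scheme or port on the same host also loses the Authorization header.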

In python-requests before 2.6.0, a cookie without a host value set
would use the hostname of the redirected URL, exposing requests users
to session fixation attacks and potentially cookie stealing

Solution :

Update the affected python-requests and / or python3-requests

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82386

CVE ID: CVE-2014-1829
