Test ID: 1.3.6.1.4.1.25623.1.1.2.2019.1947
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2019-1947)
Summary: The remote host is missing an update for the Huawei EulerOS 'python-requests' package(s) announced via the EulerOS-SA-2019-1947 advisory.
Description:

Vulnerability Insight:
A credentials-exposure flaw was found in python-requests: if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials. (CVE-2018-18074)

Affected Software/OS:
'python-requests' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-18074
http://docs.python-requests.org/en/master/community/updates/#release-and-version-history
https://bugs.debian.org/910766
https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
https://github.com/requests/requests/issues/4716
https://github.com/requests/requests/pull/4718
https://www.oracle.com/security-alerts/cpujul2022.html
RedHat Security Advisories: RHSA-2019:2035
https://access.redhat.com/errata/RHSA-2019:2035
SuSE Security Announcement: openSUSE-SU-2019:1754
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html
https://usn.ubuntu.com/3790-1/
https://usn.ubuntu.com/3790-2/
Copyright: Copyright (C) 2020 Greenbone AG
