CVE-2015-2296

kennethreitz/requests
on github

Published

Severity

CVSS v3:
N/A
CVSS v2:
6.8 MEDIUM

Description

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

References

Configurations

CPE23Version StartVersion EndExact Version
cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*n/an/a4.0
cpe:2.3:a:python:requests:2.4.2:*:*:*:*:*:*:*n/an/a2.4.2
cpe:2.3:a:python:requests:2.4.3:*:*:*:*:*:*:*n/an/a2.4.3
cpe:2.3:a:python:requests:2.5.0:*:*:*:*:*:*:*n/an/a2.5.0
cpe:2.3:a:python:requests:2.5.1:*:*:*:*:*:*:*n/an/a2.5.1
cpe:2.3:a:python:requests:2.1.0:*:*:*:*:*:*:*n/an/a2.1.0
cpe:2.3:a:python:requests:2.3.0:*:*:*:*:*:*:*n/an/a2.3.0
cpe:2.3:a:python:requests:2.4.0:*:*:*:*:*:*:*n/an/a2.4.0
cpe:2.3:a:python:requests:2.4.1:*:*:*:*:*:*:*n/an/a2.4.1
cpe:2.3:a:python:requests:2.5.2:*:*:*:*:*:*:*n/an/a2.5.2
cpe:2.3:a:python:requests:2.2.1:*:*:*:*:*:*:*n/an/a2.2.1
cpe:2.3:a:python:requests:2.5.3:*:*:*:*:*:*:*n/an/a2.5.3
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*n/an/a14.10
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*n/an/a14.04

External Links