CVE-2015-2296

Published: 18/03/2015 Updated: 18/03/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The resolve_redirects function in sessions.py in requests 2.1.0 up to and including 2.5.3 allows remote malicious users to conduct session fixation attacks via a cookie without a host value in a redirect.

Vulnerable Product

mageia project mageia 4.0

python requests 2.1.0

python requests 2.2.1

python requests 2.3.0

python requests 2.4.1

python requests 2.4.3

python requests 2.5.0

python requests 2.5.1

python requests 2.5.2

python requests 2.4.0

python requests 2.4.2

python requests 2.5.3

canonical ubuntu linux 14.10

canonical ubuntu linux 14.04

Vendor Advisories

Debian Bug report logs - #780506: requests: CVE-2015-2296: session fixation and cookie stealing issue. Package: src:requests; Maintainer for src:requests is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 15 Mar 2015 06:09:01 UTC ...
Requests could be made to expose cookies over the network ...
A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL ...