The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
18 Mar 2021, 13:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:python-requests:requests:2.5.2:*:*:*:*:*:*:* cpe:2.3:a:python-requests:requests:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:python-requests:requests:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:python-requests:requests:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:python-requests:requests:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:python-requests:requests:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:python-requests:requests:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:python-requests:requests:2.4.2:*:*:*:*:*:*:* cpe:2.3:a:python-requests:requests:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:python-requests:requests:2.5.3:*:*:*:*:*:*:* |
cpe:2.3:a:python:requests:2.5.3:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.5.2:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.4.2:*:*:*:*:*:*:* cpe:2.3:a:python:requests:2.4.3:*:*:*:*:*:*:* |
Information
Published : 2015-03-18 16:59
Updated : 2023-12-10 11:31
NVD link : CVE-2015-2296
Mitre link : CVE-2015-2296
CVE.ORG link : CVE-2015-2296
JSON object : View
Products Affected
python
- requests
mageia_project
- mageia
canonical
- ubuntu_linux
CWE