CVE-2015-2296
Published Mar 18, 2015
Last updated 4 years ago
Overview
- Description
- The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- <a href="http://cwe.mitre.org/data/definitions/384.html">CWE-384: Session Fixation</a>
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:requests:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEFEBF18-876A-4E3C-A30B-71577B9938CE"
},
{
"criteria": "cpe:2.3:a:python:requests:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18282B8E-738F-495C-B990-F70D0F0F8F8B"
},
{
"criteria": "cpe:2.3:a:python:requests:2.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DE39CDB-643B-4126-9CA2-9C50337BBF58"
},
{
"criteria": "cpe:2.3:a:python:requests:2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "425B2FDF-69C3-4C0C-8972-E41EC457F791"
},
{
"criteria": "cpe:2.3:a:python:requests:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB05BA9A-23AE-49D4-A1E7-96F8964A3BFF"
},
{
"criteria": "cpe:2.3:a:python:requests:2.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "800BD957-9C00-41F9-BD04-485698BD55D4"
},
{
"criteria": "cpe:2.3:a:python:requests:2.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FA61528-1797-44A2-99FA-F24866B4A663"
},
{
"criteria": "cpe:2.3:a:python:requests:2.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "544C8C6B-0532-4D06-8A50-6C629B5C48F9"
},
{
"criteria": "cpe:2.3:a:python:requests:2.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D34A4A03-6B83-4FED-91DF-73D3DC895879"
},
{
"criteria": "cpe:2.3:a:python:requests:2.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4016F80B-6EB3-4C5B-B2A6-483A24E9E70C"
},
{
"criteria": "cpe:2.3:a:python:requests:2.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "330946FA-38DC-4797-AEB3-0B038B828F9A"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359"
}
],
"operator": "OR"
}
]
}
]