CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2296

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.2%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2015-2296

Python » Requests » Version: 2.1.0

cpe:2.3:a:python:requests:2.1.0
Python » Requests » Version: 2.2.1

cpe:2.3:a:python:requests:2.2.1
Python » Requests » Version: 2.3.0

cpe:2.3:a:python:requests:2.3.0
Python » Requests » Version: 2.4.0

cpe:2.3:a:python:requests:2.4.0
Python » Requests » Version: 2.4.1

cpe:2.3:a:python:requests:2.4.1
Python » Requests » Version: 2.4.2

cpe:2.3:a:python:requests:2.4.2
Python » Requests » Version: 2.4.3

cpe:2.3:a:python:requests:2.4.3
Python » Requests » Version: 2.5.0

cpe:2.3:a:python:requests:2.5.0
Python » Requests » Version: 2.5.1

cpe:2.3:a:python:requests:2.5.1
Python » Requests » Version: 2.5.2

cpe:2.3:a:python:requests:2.5.2
Python » Requests » Version: 2.5.3

cpe:2.3:a:python:requests:2.5.3
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 14.10

cpe:2.3:o:canonical:ubuntu_linux:14.10
Mageia Project » Mageia » Version: 4.0

cpe:2.3:o:mageia_project:mageia:4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2296

Products

Pricing

Contact Us