6.8

CVE-2015-2296

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mageia ProjectMageia Version4.0
PythonRequests Version2.1.0
PythonRequests Version2.2.1
PythonRequests Version2.3.0
PythonRequests Version2.4.0
PythonRequests Version2.4.1
PythonRequests Version2.4.2
PythonRequests Version2.4.3
PythonRequests Version2.5.0
PythonRequests Version2.5.1
PythonRequests Version2.5.2
PythonRequests Version2.5.3
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.41% 0.874
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
http://advisories.mageia.org/MGASA-2015-0120.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html
http://www.openwall.com/lists/oss-security/2015/03/14/4
http://www.openwall.com/lists/oss-security/2015/03/15/1
http://www.ubuntu.com/usn/USN-2531-1
https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
https://warehouse.python.org/project/requests/2.6.0/
Vendor Advisory