CVE-2015-2296 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Affected Products (NVD)

Vendor	Product	Version
mageia_project	mageia	4.0
python	requests	2.1.0
python	requests	2.2.1
python	requests	2.3.0
python	requests	2.4.0
python	requests	2.4.1
python	requests	2.4.2
python	requests	2.4.3
python	requests	2.5.0
python	requests	2.5.1
python	requests	2.5.2
python	requests	2.5.3
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

requests

bookworm	2.28.1+dfsg-1 fixed
bullseye	2.25.1+dfsg-2 fixed
sid	2.32.3+dfsg-1 fixed
trixie	2.32.3+dfsg-1 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

requests

lucid	dne
precise	not-affected
trusty	Fixed 2.2.1-1ubuntu0.2 released
utopic	Fixed 2.3.0-1ubuntu0.1 released

References

http://advisories.mageia.org/MGASA-2015-0120.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:133

http://www.openwall.com/lists/oss-security/2015/03/14/4

http://www.openwall.com/lists/oss-security/2015/03/15/1

http://www.ubuntu.com/usn/USN-2531-1

https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc

https://warehouse.python.org/project/requests/2.6.0/

http://advisories.mageia.org/MGASA-2015-0120.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:133

http://www.openwall.com/lists/oss-security/2015/03/14/4

http://www.openwall.com/lists/oss-security/2015/03/15/1

http://www.ubuntu.com/usn/USN-2531-1

https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc

https://warehouse.python.org/project/requests/2.6.0/