CVE-2015-2296

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
mageia_projectmageia
4.0
pythonrequests
2.1.0
pythonrequests
2.2.1
pythonrequests
2.3.0
pythonrequests
2.4.0
pythonrequests
2.4.1
pythonrequests
2.4.2
pythonrequests
2.4.3
pythonrequests
2.5.0
pythonrequests
2.5.1
pythonrequests
2.5.2
pythonrequests
2.5.3
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
requests
bookworm
2.28.1+dfsg-1
fixed
bullseye
2.25.1+dfsg-2
fixed
sid
2.32.3+dfsg-1
fixed
trixie
2.32.3+dfsg-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
requests
lucid
dne
precise
not-affected
trusty
Fixed 2.2.1-1ubuntu0.2
released
utopic
Fixed 2.3.0-1ubuntu0.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
aws-cli-py36
suse enterprise server 12 SP3
1.19.9-6.3.15
fixed
libpython3_6m1_0
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python-certifi
suse enterprise sap 12
2018.4.16-3.6.1
fixed
suse enterprise sap 12 SP3
2018.4.16-3.6.1
fixed
suse enterprise sap 12 SP4
2018.4.16-3.6.1
fixed
suse enterprise sap 12 SP5
2018.4.16-3.6.1
fixed
suse enterprise server 12
2018.4.16-3.6.1
fixed
suse enterprise server 12 SP3
2018.4.16-3.6.1
fixed
suse enterprise server 12 SP4
2018.4.16-3.6.1
fixed
suse enterprise server 12 SP5
2018.4.16-3.6.1
fixed
python-chardet
suse enterprise sap 12
3.0.4-5.6.1
fixed
suse enterprise sap 12 SP3
3.0.4-5.6.1
fixed
suse enterprise sap 12 SP4
3.0.4-5.6.1
fixed
suse enterprise sap 12 SP5
3.0.4-5.6.1
fixed
suse enterprise server 12
3.0.4-5.6.1
fixed
suse enterprise server 12 SP3
3.0.4-5.6.1
fixed
suse enterprise server 12 SP4
3.0.4-5.6.1
fixed
suse enterprise server 12 SP5
3.0.4-5.6.1
fixed
python-jmespath
suse enterprise sap 12
0.9.2-10.6.1
fixed
suse enterprise sap 12 SP3
0.9.2-10.6.1
fixed
suse enterprise sap 12 SP4
0.9.2-10.6.1
fixed
suse enterprise sap 12 SP5
0.9.2-10.6.1
fixed
suse enterprise server 12
0.9.2-10.6.1
fixed
suse enterprise server 12 SP3
0.9.2-10.6.1
fixed
suse enterprise server 12 SP4
0.9.2-10.6.1
fixed
suse enterprise server 12 SP5
0.9.2-10.6.1
fixed
python-jsonschema
suse enterprise sap 12
2.2.0-3.3.1
fixed
suse enterprise sap 12 SP3
2.2.0-3.3.1
fixed
suse enterprise sap 12 SP4
2.2.0-3.3.1
fixed
suse enterprise sap 12 SP5
2.2.0-3.3.1
fixed
suse enterprise server 12
2.2.0-3.3.1
fixed
suse enterprise server 12 SP3
2.2.0-3.3.1
fixed
suse enterprise server 12 SP4
2.2.0-3.3.1
fixed
suse enterprise server 12 SP5
2.2.0-3.3.1
fixed
python-paramiko
suse enterprise sap 12
1.18.5-2.15.1
fixed
suse enterprise sap 12 SP3
1.18.5-2.15.1
fixed
suse enterprise sap 12 SP4
1.18.5-2.15.1
fixed
suse enterprise sap 12 SP5
1.18.5-2.15.1
fixed
suse enterprise server 12
1.18.5-2.15.1
fixed
suse enterprise server 12 SP3
1.18.5-2.15.1
fixed
suse enterprise server 12 SP4
1.18.5-2.15.1
fixed
suse enterprise server 12 SP5
1.18.5-2.15.1
fixed
python-pip
suse enterprise sap 12
10.0.1-11.6.1
fixed
suse enterprise sap 12 SP3
10.0.1-11.6.1
fixed
suse enterprise sap 12 SP4
10.0.1-11.6.1
fixed
suse enterprise sap 12 SP5
10.0.1-11.6.1
fixed
suse enterprise server 12
10.0.1-11.6.1
fixed
suse enterprise server 12 SP3
10.0.1-11.6.1
fixed
suse enterprise server 12 SP4
10.0.1-11.6.1
fixed
suse enterprise server 12 SP5
10.0.1-11.6.1
fixed
python-ply
suse enterprise sap 12
3.4-3.3.1
fixed
suse enterprise sap 12 SP3
3.4-3.3.1
fixed
suse enterprise sap 12 SP4
3.4-3.3.1
fixed
suse enterprise sap 12 SP5
3.4-3.3.1
fixed
suse enterprise server 12
3.4-3.3.1
fixed
suse enterprise server 12 SP3
3.4-3.3.1
fixed
suse enterprise server 12 SP4
3.4-3.3.1
fixed
suse enterprise server 12 SP5
3.4-3.3.1
fixed
python-requests
suse enterprise sap 12
2.8.1-6.9.1
fixed
suse enterprise sap 12 SP3
2.8.1-6.9.1
fixed
suse enterprise sap 12 SP4
2.8.1-6.9.1
fixed
suse enterprise sap 12 SP5
2.18.2-8.4.2
fixed
suse enterprise server 12
2.8.1-6.9.1
fixed
suse enterprise server 12 SP3
2.8.1-6.9.1
fixed
suse enterprise server 12 SP4
2.8.1-6.9.1
fixed
suse enterprise server 12 SP5
2.18.2-8.4.2
fixed
python-urllib3
suse enterprise sap 12
1.22-3.20.1
fixed
suse enterprise sap 12 SP3
1.22-3.20.1
fixed
suse enterprise sap 12 SP4
1.22-3.20.1
fixed
suse enterprise sap 12 SP5
1.22-3.20.1
fixed
suse enterprise server 12
1.22-3.20.1
fixed
suse enterprise server 12 SP3
1.22-3.20.1
fixed
suse enterprise server 12 SP4
1.22-3.20.1
fixed
suse enterprise server 12 SP5
1.22-3.20.1
fixed
python2-pip
suse enterprise desktop 15
10.0.1-1.9
fixed
suse enterprise sap 15
10.0.1-1.9
fixed
suse enterprise server 15
10.0.1-1.9
fixed
python2-requests
suse enterprise desktop 15
2.18.4-1.35
fixed
suse enterprise sap 15
2.18.4-1.35
fixed
suse enterprise server 15
2.18.4-1.35
fixed
python3-certifi
suse enterprise sap 12
2018.4.16-3.6.1
fixed
suse enterprise sap 12 SP2
2018.4.16-3.6.1
fixed
suse enterprise sap 12 SP3
2018.4.16-3.6.1
fixed
suse enterprise sap 12 SP4
2018.4.16-3.6.1
fixed
suse enterprise sap 12 SP5
2018.4.16-3.6.1
fixed
suse enterprise server 12
2018.4.16-3.6.1
fixed
suse enterprise server 12 SP2
2018.4.16-3.6.1
fixed
suse enterprise server 12 SP3
2018.4.16-3.6.1
fixed
suse enterprise server 12 SP4
2018.4.16-3.6.1
fixed
suse enterprise server 12 SP5
2018.4.16-3.6.1
fixed
suse enterprise workstation 12 SP5
2018.4.16-3.6.1
fixed
python3-chardet
suse enterprise sap 12
3.0.4-5.6.1
fixed
suse enterprise sap 12 SP2
3.0.4-5.6.1
fixed
suse enterprise sap 12 SP3
3.0.4-5.6.1
fixed
suse enterprise sap 12 SP4
3.0.4-5.6.1
fixed
suse enterprise sap 12 SP5
3.0.4-5.6.1
fixed
suse enterprise server 12
3.0.4-5.6.1
fixed
suse enterprise server 12 SP2
3.0.4-5.6.1
fixed
suse enterprise server 12 SP3
3.0.4-5.6.1
fixed
suse enterprise server 12 SP4
3.0.4-5.6.1
fixed
suse enterprise server 12 SP5
3.0.4-5.6.1
fixed
suse enterprise workstation 12 SP5
3.0.4-5.6.1
fixed
python3-jmespath
suse enterprise sap 12
0.9.2-10.6.1
fixed
suse enterprise sap 12 SP3
0.9.2-10.6.1
fixed
suse enterprise sap 12 SP4
0.9.2-10.6.1
fixed
suse enterprise sap 12 SP5
0.9.2-10.6.1
fixed
suse enterprise server 12
0.9.2-10.6.1
fixed
suse enterprise server 12 SP3
0.9.2-10.6.1
fixed
suse enterprise server 12 SP4
0.9.2-10.6.1
fixed
suse enterprise server 12 SP5
0.9.2-10.6.1
fixed
python3-jsonschema
suse enterprise sap 12
2.2.0-3.3.1
fixed
suse enterprise sap 12 SP3
2.2.0-3.3.1
fixed
suse enterprise sap 12 SP4
2.2.0-3.3.1
fixed
suse enterprise sap 12 SP5
2.2.0-3.3.1
fixed
suse enterprise server 12
2.2.0-3.3.1
fixed
suse enterprise server 12 SP3
2.2.0-3.3.1
fixed
suse enterprise server 12 SP4
2.2.0-3.3.1
fixed
suse enterprise server 12 SP5
2.2.0-3.3.1
fixed
python3-paramiko
suse enterprise sap 12
1.18.5-2.15.1
fixed
suse enterprise sap 12 SP3
1.18.5-2.15.1
fixed
suse enterprise sap 12 SP4
1.18.5-2.15.1
fixed
suse enterprise sap 12 SP5
1.18.5-2.15.1
fixed
suse enterprise server 12
1.18.5-2.15.1
fixed
suse enterprise server 12 SP3
1.18.5-2.15.1
fixed
suse enterprise server 12 SP4
1.18.5-2.15.1
fixed
suse enterprise server 12 SP5
1.18.5-2.15.1
fixed
python3-pip
suse enterprise desktop 15
10.0.1-1.9
fixed
suse enterprise desktop 15 SP1
10.0.1-1.9
fixed
suse enterprise desktop 15 SP2
10.0.1-1.9
fixed
suse enterprise desktop 15 SP3
20.0.2-6.12.1
fixed
suse enterprise desktop 15 SP4
20.0.2-150400.15.6
fixed
suse enterprise desktop 15 SP5
20.0.2-150400.20.1
fixed
suse enterprise desktop 15 SP6
20.0.2-150400.20.1
fixed
suse enterprise desktop 15 SP7
20.0.2-150400.20.1
fixed
suse enterprise sap 12
10.0.1-11.6.1
fixed
suse enterprise sap 12 SP3
10.0.1-11.6.1
fixed
suse enterprise sap 12 SP4
10.0.1-11.6.1
fixed
suse enterprise sap 12 SP5
10.0.1-11.6.1
fixed
suse enterprise sap 15
10.0.1-1.9
fixed
suse enterprise sap 15 SP1
10.0.1-1.9
fixed
suse enterprise sap 15 SP2
10.0.1-1.9
fixed
suse enterprise sap 15 SP3
20.0.2-6.12.1
fixed
suse enterprise sap 15 SP4
20.0.2-150400.15.6
fixed
suse enterprise sap 15 SP5
20.0.2-150400.20.1
fixed
suse enterprise sap 15 SP6
20.0.2-150400.20.1
fixed
suse enterprise sap 15 SP7
20.0.2-150400.20.1
fixed
suse enterprise server 12
10.0.1-11.6.1
fixed
suse enterprise server 12 SP3
10.0.1-11.6.1
fixed
suse enterprise server 12 SP4
10.0.1-11.6.1
fixed
suse enterprise server 12 SP5
10.0.1-11.6.1
fixed
suse enterprise server 15
10.0.1-1.9
fixed
suse enterprise server 15 SP1
10.0.1-1.9
fixed
suse enterprise server 15 SP2
10.0.1-1.9
fixed
suse enterprise server 15 SP3
20.0.2-6.12.1
fixed
suse enterprise server 15 SP4
20.0.2-150400.15.6
fixed
suse enterprise server 15 SP5
20.0.2-150400.20.1
fixed
suse enterprise server 15 SP6
20.0.2-150400.20.1
fixed
suse enterprise server 15 SP7
20.0.2-150400.20.1
fixed
python3-pip-wheel
suse enterprise desktop 15 SP3
10.0.1-3.6.1
fixed
suse enterprise desktop 15 SP4
20.0.2-150400.15.6
fixed
suse enterprise desktop 15 SP5
20.0.2-150400.20.1
fixed
suse enterprise desktop 15 SP6
20.0.2-150400.20.1
fixed
suse enterprise desktop 15 SP7
20.0.2-150400.20.1
fixed
suse enterprise sap 15 SP3
10.0.1-3.6.1
fixed
suse enterprise sap 15 SP4
20.0.2-150400.15.6
fixed
suse enterprise sap 15 SP5
20.0.2-150400.20.1
fixed
suse enterprise sap 15 SP6
20.0.2-150400.20.1
fixed
suse enterprise sap 15 SP7
20.0.2-150400.20.1
fixed
suse enterprise server 15 SP3
10.0.1-3.6.1
fixed
suse enterprise server 15 SP4
20.0.2-150400.15.6
fixed
suse enterprise server 15 SP5
20.0.2-150400.20.1
fixed
suse enterprise server 15 SP6
20.0.2-150400.20.1
fixed
suse enterprise server 15 SP7
20.0.2-150400.20.1
fixed
python3-ply
suse enterprise sap 12
3.4-3.3.1
fixed
suse enterprise sap 12 SP3
3.4-3.3.1
fixed
suse enterprise sap 12 SP4
3.4-3.3.1
fixed
suse enterprise sap 12 SP5
3.4-3.3.1
fixed
suse enterprise server 12
3.4-3.3.1
fixed
suse enterprise server 12 SP3
3.4-3.3.1
fixed
suse enterprise server 12 SP4
3.4-3.3.1
fixed
suse enterprise server 12 SP5
3.4-3.3.1
fixed
python3-requests
suse enterprise desktop 15
2.18.4-1.35
fixed
suse enterprise desktop 15 SP1
2.20.0-4.24
fixed
suse enterprise desktop 15 SP2
2.20.1-6.6.1
fixed
suse enterprise desktop 15 SP3
2.24.0-1.24
fixed
suse enterprise desktop 15 SP4
2.24.0-1.24
fixed
suse enterprise desktop 15 SP5
2.24.0-1.24
fixed
suse enterprise desktop 15 SP6
2.25.1-150300.3.6.1
fixed
suse enterprise desktop 15 SP7
2.25.1-150300.3.12.2
fixed
suse enterprise sap 12 SP2
2.20.1-5.2
fixed
suse enterprise sap 12 SP3
2.20.1-5.2
fixed
suse enterprise sap 12 SP5
2.20.1-5.2
fixed
suse enterprise sap 15
2.18.4-1.35
fixed
suse enterprise sap 15 SP1
2.20.0-4.24
fixed
suse enterprise sap 15 SP2
2.20.1-6.6.1
fixed
suse enterprise sap 15 SP3
2.24.0-1.24
fixed
suse enterprise sap 15 SP4
2.24.0-1.24
fixed
suse enterprise sap 15 SP5
2.24.0-1.24
fixed
suse enterprise sap 15 SP6
2.25.1-150300.3.6.1
fixed
suse enterprise sap 15 SP7
2.25.1-150300.3.12.2
fixed
suse enterprise server 12 SP2
2.20.1-5.2
fixed
suse enterprise server 12 SP3
2.20.1-5.2
fixed
suse enterprise server 12 SP5
2.20.1-5.2
fixed
suse enterprise server 15
2.18.4-1.35
fixed
suse enterprise server 15 SP1
2.20.0-4.24
fixed
suse enterprise server 15 SP2
2.20.1-6.6.1
fixed
suse enterprise server 15 SP3
2.24.0-1.24
fixed
suse enterprise server 15 SP4
2.24.0-1.24
fixed
suse enterprise server 15 SP5
2.24.0-1.24
fixed
suse enterprise server 15 SP6
2.25.1-150300.3.6.1
fixed
suse enterprise server 15 SP7
2.25.1-150300.3.12.2
fixed
suse enterprise workstation 12 SP5
2.20.1-5.2
fixed
python3-urllib3
suse enterprise sap 12
1.22-3.20.1
fixed
suse enterprise sap 12 SP2
1.22-3.20.1
fixed
suse enterprise sap 12 SP3
1.22-3.20.1
fixed
suse enterprise sap 12 SP4
1.22-3.20.1
fixed
suse enterprise sap 12 SP5
1.22-3.20.1
fixed
suse enterprise server 12
1.22-3.20.1
fixed
suse enterprise server 12 SP2
1.22-3.20.1
fixed
suse enterprise server 12 SP3
1.22-3.20.1
fixed
suse enterprise server 12 SP4
1.22-3.20.1
fixed
suse enterprise server 12 SP5
1.22-3.20.1
fixed
suse enterprise workstation 12 SP5
1.22-3.20.1
fixed
python311-pip
suse enterprise desktop 15 SP6
22.3.1-150400.17.12.1
fixed
suse enterprise sap 15 SP6
22.3.1-150400.17.12.1
fixed
suse enterprise server 15 SP6
22.3.1-150400.17.12.1
fixed
python311-requests
suse enterprise desktop 15 SP6
2.31.0-150400.6.5.7
fixed
suse enterprise sap 15 SP6
2.31.0-150400.6.5.7
fixed
suse enterprise server 15 SP6
2.31.0-150400.6.5.7
fixed
python312-pip
suse enterprise desktop 15 SP6
23.2.1-150600.1.3
fixed
suse enterprise sap 15 SP6
23.2.1-150600.1.3
fixed
suse enterprise server 15 SP6
23.2.1-150600.1.3
fixed
python36
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-PyYAML
suse enterprise server 12 SP3
5.3.1-6.5.12
fixed
python36-appdirs
suse enterprise server 12 SP3
1.4.3-6.3.8
fixed
python36-asn1crypto
suse enterprise server 12 SP3
0.24.0-6.3.16
fixed
python36-base
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python36-boto3
suse enterprise server 12 SP3
1.17.9-6.3.11
fixed
python36-botocore
suse enterprise server 12 SP3
1.20.9-6.3.11
fixed
python36-certifi
suse enterprise server 12 SP3
2018.1.18-6.3.15
fixed
python36-cffi
suse enterprise server 12 SP3
1.11.5-6.3.18
fixed
python36-chardet
suse enterprise server 12 SP3
3.0.4-6.3.15
fixed
python36-colorama
suse enterprise server 12 SP3
0.4.4-6.3.15
fixed
python36-cryptography
suse enterprise server 12 SP3
2.8-6.3.17
fixed
python36-curses
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-dbm
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-devel
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python36-docutils
suse enterprise server 12 SP3
0.14-6.3.8
fixed
python36-idle
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-idna
suse enterprise server 12 SP3
2.6-6.5.15
fixed
python36-jmespath
suse enterprise server 12 SP3
0.9.3-6.3.14
fixed
python36-packaging
suse enterprise server 12 SP3
17.1-6.6.8
fixed
python36-ply
suse enterprise server 12 SP3
3.10-6.3.8
fixed
python36-ply-doc
suse enterprise server 12 SP3
3.10-6.3.8
fixed
python36-py
suse enterprise server 12 SP3
1.8.1-6.3.15
fixed
python36-pyOpenSSL
suse enterprise server 12 SP3
17.1.0-6.3.16
fixed
python36-pyasn1
suse enterprise server 12 SP3
0.1.9-6.3.18
fixed
python36-pycparser
suse enterprise server 12 SP3
2.10-6.3.9
fixed
python36-pyparsing
suse enterprise server 12 SP3
2.4.7-6.3.9
fixed
python36-pyparsing-doc
suse enterprise server 12 SP3
2.4.7-6.3.9
fixed
python36-python-dateutil
suse enterprise server 12 SP3
2.7.3-6.3.13
fixed
python36-requests
suse enterprise server 12 SP3
2.24.0-6.3.15
fixed
python36-rsa
suse enterprise server 12 SP3
3.4.2-6.3.15
fixed
python36-s3transfer
suse enterprise server 12 SP3
0.3.3-6.3.11
fixed
python36-setuptools
suse enterprise server 12 SP3
44.1.1-9.11.1
fixed
python36-setuptools-test
suse enterprise server 12 SP3
44.1.1-6.7.4
fixed
python36-setuptools-wheel
suse enterprise server 12 SP3
44.1.1-6.7.3
fixed
python36-simplejson
suse enterprise server 12 SP3
3.8.2-6.3.16
fixed
python36-six
suse enterprise server 12 SP3
1.14.0-6.7.3
fixed
python36-six-doc
suse enterprise server 12 SP3
1.14.0-6.7.6
fixed
python36-testsuite
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python36-tk
suse enterprise server 12 SP3
3.6.15-6.61.6
fixed
python36-tools
suse enterprise server 12 SP3
3.6.15-6.61.5
fixed
python36-urllib3
suse enterprise server 12 SP3
1.25.10-6.3.13
fixed
python39-pip
suse enterprise desktop 15 SP3
20.2.4-7.5.1
fixed
suse enterprise sap 15 SP3
20.2.4-7.5.1
fixed
suse enterprise server 15 SP3
20.2.4-7.5.1
fixed
python39-setuptools
suse enterprise desktop 15 SP3
44.1.1-7.3.1
fixed
suse enterprise sap 15 SP3
44.1.1-7.3.1
fixed
suse enterprise server 15 SP3
44.1.1-7.3.1
fixed
References
http://advisories.mageia.org/MGASA-2015-0120.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
http://www.openwall.com/lists/oss-security/2015/03/14/4
http://www.openwall.com/lists/oss-security/2015/03/15/1
http://www.ubuntu.com/usn/USN-2531-1
https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
https://warehouse.python.org/project/requests/2.6.0/
http://advisories.mageia.org/MGASA-2015-0120.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
http://www.openwall.com/lists/oss-security/2015/03/14/4
http://www.openwall.com/lists/oss-security/2015/03/15/1
http://www.ubuntu.com/usn/USN-2531-1
https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
https://warehouse.python.org/project/requests/2.6.0/