Skip to main content

Mageia CVE-2015-2296

MEDIUM
2015-03-18 cve@mitre.org
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Mar 18, 2015 - 16:59 cve.org
MEDIUM 6.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 pypi packages depend on requests (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.1.0.

DescriptionCVE.org

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

AnalysisAI

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Technical ContextAI

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. Affected products include: Mageia Project Mageia, Python Requests, Canonical Ubuntu Linux. Version information: through 2.5.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Mageia

View all
CVE-2014-9274 HIGH POC
7.5 Dec 09

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated b

CVE-2014-5461 MEDIUM POC
5.0 Sep 04

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attacker

CVE-2014-9116 MEDIUM POC
5.0 Dec 02

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, w

CVE-2014-7204 MEDIUM POC
5.0 Oct 07

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk co

CVE-2014-9087 HIGH
7.5 Dec 01

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to

CVE-2014-8117 MEDIUM
5.0 Dec 17

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of se

CVE-2014-8116 MEDIUM
5.0 Dec 17

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or

CVE-2013-4159 HIGH
7.5 Aug 06

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related

CVE-2014-9037 MEDIUM
6.8 Nov 25

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obt

CVE-2014-8104 MEDIUM
6.8 Dec 03

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause

CVE-2014-3429 MEDIUM
6.8 Aug 07

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote att

CVE-2014-4668 MEDIUM
6.8 Jul 02

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does

Share

CVE-2015-2296 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy