CVE-2015-2296 (retired)

Priority
Description
The resolve_redirects function in sessions.py in requests 2.1.0 through
2.5.3 allows remote attackers to conduct session fixation attacks via a
cookie without a host value in a redirect.
Notes
 mdeslaur> reproducer script:
 mdeslaur> https://gist.github.com/OddBloke/211ff98b63a8cfb3f6d4
Assigned-to
mdeslaur
Package
Upstream: released (2.6.0, 2.4.3-6)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.2.1-1ubuntu0.2)
Patches:
Upstream: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc

Updated: 2019-03-26 12:14:48 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)