Moderate severity · NVD Advisory · Published Mar 18, 2015 · Updated Jun 17, 2026
CVE-2015-2296
Description
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| requests (PyPI) | >= 2.1.0, < 2.6.0 | 2.6.0 |
Affected products
- cpe:2.3:a:python:requests:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:requests:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
References
- github.com/advisories/GHSA-pg2w-x9wp-vw92 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-2296 (ghsa, ADVISORY)
- warehouse.python.org/project/requests/2.6.0/ (nvd, Vendor Advisory)
- advisories.mageia.org/MGASA-2015-0120.html (nvd, WEB)
- lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html (nvd, WEB)
- www.mandriva.com/security/advisories (nvd, WEB)
- www.openwall.com/lists/oss-security/2015/03/14/4 (nvd, WEB)
- www.openwall.com/lists/oss-security/2015/03/15/1 (nvd, WEB)
- www.ubuntu.com/usn/USN-2531-1 (nvd, WEB)
- github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc (nvd, WEB)
- github.com/psf/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2015-17.yaml (ghsa, WEB)
- warehouse.python.org/project/requests/2.6.0 (ghsa, WEB)