Description
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.2 | python-requests | Not affected | ||
| Red Hat Ceph Storage 1.3 | python-requests | Not affected | ||
| Red Hat Enterprise Linux 7 | python-requests | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | python-requests | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | python-requests | Fix deferred | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | python-requests | Fix deferred | ||
| Red Hat OpenStack Platform 4 | python-requests | Not affected | ||
| Red Hat Satellite 6 | python-requests | Will not fix | ||
| Red Hat Storage 2 | python-requests | Not affected | ||
| Red Hat Storage 3 | python-requests | Not affected | ||
Additional information
Status:
EPSS
CVSS2: 4.3 Medium