VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-b16q-djxv-m7c2

Essentials
Severities (23)
References (21)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-b16q-djxv-m7c2
Aliases	CVE-2015-2296 GHSA-pg2w-x9wp-vw92 PYSEC-2015-17
Summary	The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-201	Insertion of Sensitive Information Into Sent Data

System	Score	Found at
generic_textual	MODERATE	http://advisories.mageia.org/MGASA-2015-0120.html
generic_textual	MODERATE	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html
epss	0.0114	https://api.first.org/data/v1/epss?cve=CVE-2015-2296
epss	0.0114	https://api.first.org/data/v1/epss?cve=CVE-2015-2296
epss	0.0114	https://api.first.org/data/v1/epss?cve=CVE-2015-2296
epss	0.0114	https://api.first.org/data/v1/epss?cve=CVE-2015-2296
epss	0.0114	https://api.first.org/data/v1/epss?cve=CVE-2015-2296
epss	0.0114	https://api.first.org/data/v1/epss?cve=CVE-2015-2296
epss	0.0114	https://api.first.org/data/v1/epss?cve=CVE-2015-2296
epss	0.0114	https://api.first.org/data/v1/epss?cve=CVE-2015-2296
epss	0.0114	https://api.first.org/data/v1/epss?cve=CVE-2015-2296
cvssv2	1.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-pg2w-x9wp-vw92
generic_textual	MODERATE	https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
generic_textual	MODERATE	https://github.com/psf/requests
generic_textual	MODERATE	https://github.com/psf/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
generic_textual	MODERATE	https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2015-17.yaml
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2015-2296
generic_textual	MODERATE	https://warehouse.python.org/project/requests/2.6.0
generic_textual	MODERATE	http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2015/03/14/4
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2015/03/15/1
generic_textual	MODERATE	http://www.ubuntu.com/usn/USN-2531-1

Reference id	Reference type	URL
		http://advisories.mageia.org/MGASA-2015-0120.html
		http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2296.json
		https://api.first.org/data/v1/epss?cve=CVE-2015-2296
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2296
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
		https://github.com/psf/requests
		https://github.com/psf/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
		https://github.com/pypa/advisory-database/tree/main/vulns/requests/PYSEC-2015-17.yaml
		https://warehouse.python.org/project/requests/2.6.0
		https://warehouse.python.org/project/requests/2.6.0/
		http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
		http://www.openwall.com/lists/oss-security/2015/03/14/4
		http://www.openwall.com/lists/oss-security/2015/03/15/1
		http://www.ubuntu.com/usn/USN-2531-1
1202904		https://bugzilla.redhat.com/show_bug.cgi?id=1202904
780506		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780506
CVE-2015-2296		https://nvd.nist.gov/vuln/detail/CVE-2015-2296
GHSA-pg2w-x9wp-vw92		https://github.com/advisories/GHSA-pg2w-x9wp-vw92
USN-2531-1		https://usn.ubuntu.com/2531-1/

No exploits are available.

Vector: AV:A/AC:H/Au:N/C:P/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Percentile	0.78357
EPSS Score	0.0114
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:41:12.841893+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/requests/PYSEC-2015-17.yaml	38.0.0