oss-sec mailing list archives
Re: CVE Request for python-requests session fixation vulnerability
From: cve-assign () mitre org
Date: Sat, 14 Mar 2015 21:14:42 -0400 (EDT)
https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
Instead of the cookies only being set for the domain which sent the HTTP response, they are also sent to the redirection target
Use CVE-2015-2296 for this one issue that has impacts of both session fixation and cookie stealing.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
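The cookie-scoping behaviour described in the message above, modelled with Python's standard http.cookiejar. This is an added example, not code from the requests project or from the linked commit; the hostnames, the cookie value and the helper names are constructed, and the assumption is that a cookie with no Domain attribute is scoped to whichever request the jar is told the response answers.

```python
import email
import urllib.request
from http.cookiejar import CookieJar

# Constructed sample data: hostnames and cookie value are placeholders.
ORIGIN = "https://login.example.com/start"    # host that sends the redirect + Set-Cookie
TARGET = "https://other.example.net/landing"  # redirect target named in Location
RAW_HEADERS = (
    "Location: " + TARGET + "\n"
    "Set-Cookie: sessionid=constructed123; Path=/\n\n"
)


class FakeResponse:
    """CookieJar.extract_cookies() only needs .info() returning the headers."""

    def __init__(self, raw):
        self._headers = email.message_from_string(raw)

    def info(self):
        return self._headers


def cookie_domains(attributed_to_url):
    """Store the redirect response's cookies as if it answered attributed_to_url."""
    jar = CookieJar()
    request = urllib.request.Request(attributed_to_url)
    jar.extract_cookies(FakeResponse(RAW_HEADERS), request)
    return jar, sorted(cookie.domain for cookie in jar)


def cookie_sent_to(jar, url):
    """Return the Cookie header the jar would attach to a request for url."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


if __name__ == "__main__":
    # Expected: the cookie belongs to the host that sent the response.
    jar, domains = cookie_domains(ORIGIN)
    print("attributed to origin:", domains, "-> target gets", cookie_sent_to(jar, TARGET))
    # Mis-attribution: the same Set-Cookie is stored for the redirect target.
    jar, domains = cookie_domains(TARGET)
    print("attributed to target:", domains, "-> target gets", cookie_sent_to(jar, TARGET))
```

A regression test for a client's redirect handling can assert the first case: after following a cross-host redirect, the jar holds no cookie whose domain is the redirect target unless that host set it itself.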