{"cve": [{"lastseen": "2021-02-02T06:21:22", "description": "The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.\n<a href=\"http://cwe.mitre.org/data/definitions/384.html\">CWE-384: Session Fixation</a>", "edition": 4, "cvss3": {}, "published": "2015-03-18T16:59:00", "title": "CVE-2015-2296", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2296"], "modified": "2016-07-15T15:23:00", "cpe": ["cpe:/a:python-requests:requests:2.5.3", "cpe:/o:mageia_project:mageia:4.0", "cpe:/a:python-requests:requests:2.2.1", "cpe:/a:python-requests:requests:2.3.0", "cpe:/a:python-requests:requests:2.5.2", "cpe:/a:python-requests:requests:2.4.1", "cpe:/a:python-requests:requests:2.5.1", "cpe:/a:python-requests:requests:2.4.2", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/a:python-requests:requests:2.1.0", "cpe:/a:python-requests:requests:2.4.3", "cpe:/a:python-requests:requests:2.4.0", "cpe:/a:python-requests:requests:2.5.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-2296", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2296", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:python-requests:requests:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:a:python-requests:requests:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "openvas": [{"lastseen": "2020-03-17T22:59:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120537", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120537", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-512)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120537\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:28:57 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-512)\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL.\");\n script_tag(name:\"solution\", value:\"Run yum update python-botocore to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-512.html\");\n script_cve_id(\"CVE-2015-2296\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"python26-botocore\", rpm:\"python26-botocore~0.103.0~1.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-botocore\", rpm:\"python27-botocore~0.103.0~1.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-botocore\", rpm:\"python-botocore~0.103.0~1.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-30T00:00:00", "id": "OPENVAS:1361412562310869139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869139", "type": "openvas", "title": "Fedora Update for python-urllib3 FEDORA-2015-4084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-urllib3 FEDORA-2015-4084\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869139\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-30 07:02:41 +0200 (Mon, 30 Mar 2015)\");\n script_cve_id(\"CVE-2015-2296\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python-urllib3 FEDORA-2015-4084\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-urllib3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python-urllib3 on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-4084\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153595.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-urllib3\", rpm:\"python-urllib3~1.10.2~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-03-30T00:00:00", "id": "OPENVAS:1361412562310869140", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869140", "type": "openvas", "title": "Fedora Update for python-requests FEDORA-2015-4084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-requests FEDORA-2015-4084\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869140\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-30 07:03:05 +0200 (Mon, 30 Mar 2015)\");\n script_cve_id(\"CVE-2015-2296\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python-requests FEDORA-2015-4084\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-requests'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python-requests on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-4084\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-requests\", rpm:\"python-requests~2.5.3~2.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-06-19T00:00:00", "id": "OPENVAS:1361412562310869452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869452", "type": "openvas", "title": "Fedora Update for python-requests FEDORA-2015-9664", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-requests FEDORA-2015-9664\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869452\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-19 06:17:24 +0200 (Fri, 19 Jun 2015)\");\n script_cve_id(\"CVE-2015-2296\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python-requests FEDORA-2015-9664\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-requests'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python-requests on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-9664\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160255.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-requests\", rpm:\"python-requests~2.7.0~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-17T00:00:00", "id": "OPENVAS:1361412562310842131", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842131", "type": "openvas", "title": "Ubuntu Update for requests USN-2531-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for requests USN-2531-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842131\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-17 06:41:19 +0100 (Tue, 17 Mar 2015)\");\n script_cve_id(\"CVE-2015-2296\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for requests USN-2531-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'requests'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Matthew Daley discovered that Requests\nincorrectly handled cookies without host values when being redirected. A remote\nattacker could possibly use this issue to perform session fixation or cookie\nstealing attacks.\");\n script_tag(name:\"affected\", value:\"requests on Ubuntu 14.10,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2531-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2531-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-requests\", ver:\"2.3.0-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-requests\", ver:\"2.3.0-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-requests\", ver:\"2.2.1-1ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-requests\", ver:\"2.2.1-1ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:59:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120448", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120448", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-541)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120448\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:37 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-541)\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL.\");\n script_tag(name:\"solution\", value:\"Run yum update python-pip to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-541.html\");\n script_cve_id(\"CVE-2015-2296\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"python26-pip\", rpm:\"python26-pip~6.1.1~1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-pip\", rpm:\"python27-pip~6.1.1~1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python34-pip\", rpm:\"python34-pip~6.1.1~1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-pip\", rpm:\"python-pip~6.1.1~1.20.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2296"], "description": "Most existing Python modules for sending HTTP requests are extremely verbos e and cumbersome. Python=E2=80=99s built-in urllib2 module provides most of the H TTP capabilities you should need, but the API is thoroughly broken. This librar y is designed to make HTTP requests easy for developers. ", "modified": "2015-06-18T13:23:30", "published": "2015-06-18T13:23:30", "id": "FEDORA:D272962CD8C9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: python-requests-2.7.0-1.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2296"], "description": "Most existing Python modules for sending HTTP requests are extremely verbos e and cumbersome. Python=E2=80=99s built-in urllib2 module provides most of the H TTP capabilities you should need, but the API is thoroughly broken. This librar y is designed to make HTTP requests easy for developers. ", "modified": "2015-03-29T04:51:40", "published": "2015-03-29T04:51:40", "id": "FEDORA:9B48560C701E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: python-requests-2.5.3-2.fc21", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:13:33", "description": "Backport of patch to not ascribe cookies to the target domain.\n\n -\n https://github.com/kennethreitz/requests/commit/3bd8afbf\n f29e50b38f889b2f688785a669b9aafc\n\n - http://www.openwall.com/lists/oss-security/2015/03/14/4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "published": "2015-03-30T00:00:00", "title": "Fedora 21 : python-requests-2.5.3-2.fc21 / python-urllib3-1.10.2-1.fc21 (2015-4084)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "modified": "2015-03-30T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:python-requests", "p-cpe:/a:fedoraproject:fedora:python-urllib3"], "id": "FEDORA_2015-4084.NASL", "href": "https://www.tenable.com/plugins/nessus/82308", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-4084.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82308);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-2296\");\n script_bugtraq_id(73134);\n script_xref(name:\"FEDORA\", value:\"2015-4084\");\n\n script_name(english:\"Fedora 21 : python-requests-2.5.3-2.fc21 / python-urllib3-1.10.2-1.fc21 (2015-4084)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Backport of patch to not ascribe cookies to the target domain.\n\n -\n https://github.com/kennethreitz/requests/commit/3bd8afbf\n f29e50b38f889b2f688785a669b9aafc\n\n - http://www.openwall.com/lists/oss-security/2015/03/14/4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.openwall.com/lists/oss-security/2015/03/14/4\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2015/03/14/4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1202904\"\n );\n # https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5411e74\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9daffe43\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153595.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1aea149a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-requests and / or python-urllib3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-requests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-urllib3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"python-requests-2.5.3-2.fc21\")) flag++;\nif (rpm_check(release:\"FC21\", reference:\"python-urllib3-1.10.2-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-requests / python-urllib3\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:28:45", "description": "Matthew Daley discovered that Requests incorrectly handled cookies\nwithout host values when being redirected. A remote attacker could\npossibly use this issue to perform session fixation or cookie stealing\nattacks.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2015-03-17T00:00:00", "title": "Ubuntu 14.04 LTS / 14.10 : requests vulnerability (USN-2531-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "modified": "2015-03-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-requests", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:python3-requests", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2531-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2531-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81879);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-2296\");\n script_bugtraq_id(73134);\n script_xref(name:\"USN\", value:\"2531-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 14.10 : requests vulnerability (USN-2531-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthew Daley discovered that Requests incorrectly handled cookies\nwithout host values when being redirected. A remote attacker could\npossibly use this issue to perform session fixation or cookie stealing\nattacks.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2531-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected python-requests and / or python3-requests\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-requests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-requests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-requests\", pkgver:\"2.2.1-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3-requests\", pkgver:\"2.2.1-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python-requests\", pkgver:\"2.3.0-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3-requests\", pkgver:\"2.3.0-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-requests / python3-requests\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T01:21:03", "description": "A flaw was found in the way python-requests set the domain cookie\nparameter for certain HTTP responses. A remote attacker could use this\nflaw to modify a cookie to be sent to an arbitrary URL.", "edition": 24, "published": "2015-06-12T00:00:00", "title": "Amazon Linux AMI : python-pip (ALAS-2015-541)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python34-pip", "p-cpe:/a:amazon:linux:python27-pip", "p-cpe:/a:amazon:linux:python26-pip", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-541.NASL", "href": "https://www.tenable.com/plugins/nessus/84129", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-541.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84129);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-2296\");\n script_xref(name:\"ALAS\", value:\"2015-541\");\n\n script_name(english:\"Amazon Linux AMI : python-pip (ALAS-2015-541)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way python-requests set the domain cookie\nparameter for certain HTTP responses. A remote attacker could use this\nflaw to modify a cookie to be sent to an arbitrary URL.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-541.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python-pip' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-pip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-pip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python34-pip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-pip-6.1.1-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-pip-6.1.1-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python34-pip-6.1.1-1.20.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26-pip / python27-pip / python34-pip\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T01:21:01", "description": "A flaw was found in the way python-requests set the domain cookie\nparameter for certain HTTP responses. A remote attacker could use this\nflaw to modify a cookie to be sent to an arbitrary URL.", "edition": 24, "published": "2015-04-20T00:00:00", "title": "Amazon Linux AMI : python-botocore (ALAS-2015-512)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python27-botocore", "p-cpe:/a:amazon:linux:python26-botocore", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-512.NASL", "href": "https://www.tenable.com/plugins/nessus/82859", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-512.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82859);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-2296\");\n script_xref(name:\"ALAS\", value:\"2015-512\");\n\n script_name(english:\"Amazon Linux AMI : python-botocore (ALAS-2015-512)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way python-requests set the domain cookie\nparameter for certain HTTP responses. A remote attacker could use this\nflaw to modify a cookie to be sent to an arbitrary URL.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-512.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python-botocore' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-botocore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-botocore\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-botocore-0.103.0-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-botocore-0.103.0-1.7.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26-botocore / python27-botocore\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T11:51:45", "description": "Updated python-requests packages fix security vulnerabilities :\n\nPython-requests was found to have a vulnerability, where the attacker\ncan retrieve the passwords from ~/.netrc file through redirect\nrequests, if the user has their passwords stored in the ~/.netrc file\n(CVE-2014-1829).\n\nIt was discovered that the python-requests Proxy-Authorization header\nwas never re-evaluated when a redirect occurs. The Proxy-Authorization\nheader was sent to any new proxy or non-proxy destination as\nredirected (CVE-2014-1830).\n\nIn python-requests before 2.6.0, a cookie without a host value set\nwould use the hostname for the redirected URL exposing requests users\nto session fixation attacks and potentially cookie stealing\n(CVE-2015-2296).", "edition": 24, "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : python-requests (MDVSA-2015:133)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-2296", "CVE-2014-1830", "CVE-2014-1829"], "modified": "2015-03-30T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:python3-requests", "cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:python-requests"], "id": "MANDRIVA_MDVSA-2015-133.NASL", "href": "https://www.tenable.com/plugins/nessus/82386", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:133. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82386);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-1829\", \"CVE-2014-1830\", \"CVE-2015-2296\");\n script_xref(name:\"MDVSA\", value:\"2015:133\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python-requests (MDVSA-2015:133)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python-requests packages fix security vulnerabilities :\n\nPython-requests was found to have a vulnerability, where the attacker\ncan retrieve the passwords from ~/.netrc file through redirect\nrequests, if the user has their passwords stored in the ~/.netrc file\n(CVE-2014-1829).\n\nIt was discovered that the python-requests Proxy-Authorization header\nwas never re-evaluated when a redirect occurs. The Proxy-Authorization\nheader was sent to any new proxy or non-proxy destination as\nredirected (CVE-2014-1830).\n\nIn python-requests before 2.6.0, a cookie without a host value set\nwould use the hostname for the redirected URL exposing requests users\nto session fixation attacks and potentially cookie stealing\n(CVE-2015-2296).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0120.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected python-requests and / or python3-requests\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-requests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python3-requests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python-requests-2.3.0-1.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python3-requests-2.3.0-1.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:03", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2296"], "description": "Matthew Daley discovered that Requests incorrectly handled cookies without \nhost values when being redirected. A remote attacker could possibly use \nthis issue to perform session fixation or cookie stealing attacks.", "edition": 5, "modified": "2015-03-16T00:00:00", "published": "2015-03-16T00:00:00", "id": "USN-2531-1", "href": "https://ubuntu.com/security/notices/USN-2531-1", "title": "Requests vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:50", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2296"], "description": "**Issue Overview:**\n\nA flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL. \n\n \n**Affected Packages:** \n\n\npython-botocore\n\n \n**Issue Correction:** \nRun _yum update python-botocore_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n python26-botocore-0.103.0-1.7.amzn1.noarch \n python27-botocore-0.103.0-1.7.amzn1.noarch \n \n src: \n python-botocore-0.103.0-1.7.amzn1.src \n \n \n", "edition": 4, "modified": "2015-04-17T15:25:00", "published": "2015-04-17T15:25:00", "id": "ALAS-2015-512", "href": "https://alas.aws.amazon.com/ALAS-2015-512.html", "title": "Medium: python-botocore", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:34:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-2296"], "description": "**Issue Overview:**\n\nA flaw was found in the way python-requests set the domain cookie parameter for certain HTTP responses. A remote attacker could use this flaw to modify a cookie to be sent to an arbitrary URL.\n\n \n**Affected Packages:** \n\n\npython-pip\n\n \n**Issue Correction:** \nRun _yum update python-pip_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n python26-pip-6.1.1-1.20.amzn1.noarch \n python27-pip-6.1.1-1.20.amzn1.noarch \n python34-pip-6.1.1-1.20.amzn1.noarch \n \n src: \n python-pip-6.1.1-1.20.amzn1.src \n \n \n", "edition": 4, "modified": "2015-06-11T08:08:00", "published": "2015-06-11T08:08:00", "id": "ALAS-2015-541", "href": "https://alas.aws.amazon.com/ALAS-2015-541.html", "title": "Medium: python-pip", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-2296"], "description": "Invalid cookies processing in redirects.", "edition": 1, "modified": "2015-03-18T00:00:00", "published": "2015-03-18T00:00:00", "id": "SECURITYVULNS:VULN:14330", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14330", "title": "python requests library session fixation", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-2296"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2531-1\r\nMarch 16, 2015\r\n\r\nrequests vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nRequests could be made to expose cookies over the network.\r\n\r\nSoftware Description:\r\n- requests: elegant and simple HTTP library for Python\r\n\r\nDetails:\r\n\r\nMatthew Daley discovered that Requests incorrectly handled cookies without\r\nhost values when being redirected. A remote attacker could possibly use\r\nthis issue to perform session fixation or cookie stealing attacks.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n python-requests 2.3.0-1ubuntu0.1\r\n python3-requests 2.3.0-1ubuntu0.1\r\n\r\nUbuntu 14.04 LTS:\r\n python-requests 2.2.1-1ubuntu0.2\r\n python3-requests 2.2.1-1ubuntu0.2\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2531-1\r\n CVE-2015-2296\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/requests/2.3.0-1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/requests/2.2.1-1ubuntu0.2\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-03-18T00:00:00", "published": "2015-03-18T00:00:00", "id": "SECURITYVULNS:DOC:31807", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31807", "title": "[USN-2531-1] Requests vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
