
CVE-2016-9014

Published: 09 Dec 2016
Source: debian
EPSS: Low

Description

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

Packages

| Package | Status | Fixed version | Release | Type |
| python-django | fixed | 1:1.10.3-1 | | package |

Notes

  • https://www.djangoproject.com/weblog/2016/nov/01/security-releases/

  • https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9

EPSS

Percentile: 88%
0.04296
Low

Related vulnerabilities

CVSS3: 8.1
ubuntu
more than 8 years ago

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

CVSS3: 7.4
redhat
more than 8 years ago

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

CVSS3: 8.1
nvd
more than 8 years ago

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

CVSS3: 8.1
github
about 3 years ago

Django DNS Rebinding Vulnerability

suse-cvrf
about 7 years ago

Security update for python-Django
