exploitDog

CVE-2016-9014

Опубликовано: 09 дек. 2016

Источник: debian

Описание

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-django	fixed	1:1.10.3-1		package

Примечания

https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9

Связанные уязвимости

CVE-2016-9014

CVSS3: 8.1

ubuntu

больше 8 лет назад

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

CVE-2016-9014

CVSS3: 7.4

redhat

почти 9 лет назад

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

CVE-2016-9014

CVSS3: 8.1

nvd

больше 8 лет назад

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

GHSA-3f2c-jm6v-cr35

CVSS3: 8.1

github

около 3 лет назад

Django DNS Rebinding Vulnerability

openSUSE-SU-2018:0826-1

suse-cvrf

больше 7 лет назад

Security update for python-Django