Описание
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.
Ссылки
- Patch
- Patch
- Patch
- PatchVendor Advisory
- Patch
- Patch
- Patch
- Patch
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.6 (включая)
Одно из
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.004
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
debian
больше 13 лет назад
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x throug ...
EPSS
Процентиль: 60%
0.004
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352