Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-9013

Опубликовано: 09 дек. 2016
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:djangoproject:django:1.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:djangoproject:django:1.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

EPSS

Процентиль: 85%
0.02395
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-798

Связанные уязвимости

ubuntu логотип

CVE-2016-9013

CVSS3: 9.8
ubuntu
около 9 лет назад

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

redhat логотип

CVE-2016-9013

CVSS3: 7.4
redhat
около 9 лет назад

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

debian логотип

CVE-2016-9013

CVSS3: 9.8
debian
около 9 лет назад

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.1 ...

github логотип

GHSA-mv8g-fhh6-6267

CVSS3: 9.8
github
больше 3 лет назад

Django user with hardcoded password created when running tests on Oracle

suse-cvrf логотип

openSUSE-SU-2018:0826-1

suse-cvrf
больше 7 лет назад

Security update for python-Django

EPSS

Процентиль: 85%
0.02395
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-798