Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-9013

Опубликовано: 09 дек. 2016
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:djangoproject:django:1.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:djangoproject:django:1.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01045
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-798

Связанные уязвимости

ubuntu логотип

CVE-2016-9013

CVSS3: 9.8
ubuntu
больше 8 лет назад

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

redhat логотип

CVE-2016-9013

CVSS3: 7.4
redhat
больше 8 лет назад

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

debian логотип

CVE-2016-9013

CVSS3: 9.8
debian
больше 8 лет назад

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.1 ...

github логотип

GHSA-mv8g-fhh6-6267

CVSS3: 9.8
github
около 3 лет назад

Django user with hardcoded password created when running tests on Oracle

suse-cvrf логотип

openSUSE-SU-2018:0826-1

suse-cvrf
около 7 лет назад

Security update for python-Django

EPSS

Процентиль: 77%
0.01045
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-798