Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-5144

Опубликовано: 08 июл. 2015
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Отчет

This issue affects the version of python-django as included with Red Hat Enterprise Linux OpenStack Platform 5 and 6 however there is no known security impact in a supported use-case at this time. A future update may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)python-djangoWill not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)python-djangoWill not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)python-djangoNot affected
Red Hat Subscription Asset ManagerDjangoWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-185
https://bugzilla.redhat.com/show_bug.cgi?id=1239011Django: possible header injection due to validators accepting newlines in input

EPSS

Процентиль: 79%
0.01328
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-5144

ubuntu
почти 10 лет назад

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

nvd логотип

CVE-2015-5144

nvd
почти 10 лет назад

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

debian логотип

CVE-2015-5144

debian
почти 10 лет назад

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8 ...

github логотип

GHSA-q5qw-4364-5hhm

CVSS3: 7.5
github
около 3 лет назад

Django Vulnerable to HTTP Response Splitting Attack

fstec логотип

BDU:2015-11592

fstec
почти 10 лет назад

Уязвимость программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 79%
0.01328
Низкий

4.3 Medium

CVSS2