Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2512

Опубликовано: 01 мар. 2016
Источник: redhat
CVSS2: 5.8
EPSS Низкий

Описание

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

An open-redirect flaw was found in the way Django's django.utils.http.is_safe_url() function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 1.2DjangoAffected
Red Hat Ceph Storage 1.3DjangoAffected
Red Hat OpenStack Platform 8 (Liberty)python-djangoNot affected
Red Hat OpenStack Platform 8 (Liberty) Operational Toolspython-djangoNot affected
Red Hat Subscription Asset ManagerDjangoAffected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6python-djangoFixedRHSA-2016:050224.03.2016
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7python-djangoFixedRHSA-2016:050624.03.2016
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7python-djangoFixedRHSA-2016:050524.03.2016
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7python-djangoFixedRHSA-2016:050424.03.2016
Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7python-djangoFixedRHSA-2016:050324.03.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=1311431python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth

EPSS

Процентиль: 67%
0.00541
Низкий

5.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2512

CVSS3: 7.4
ubuntu
около 9 лет назад

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

nvd логотип

CVE-2016-2512

CVSS3: 7.4
nvd
около 9 лет назад

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

debian логотип

CVE-2016-2512

CVSS3: 7.4
debian
около 9 лет назад

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x ...

github логотип

GHSA-pw27-w7w4-9qc7

CVSS3: 7.4
github
около 3 лет назад

Django XSS Vulnerability

suse-cvrf логотип

openSUSE-SU-2018:0826-1

suse-cvrf
около 7 лет назад

Security update for python-Django

EPSS

Процентиль: 67%
0.00541
Низкий

5.8 Medium

CVSS2