Description
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allows remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
Affected packages
Platform | Package | Status | Recommendation | Release |
---|---|---|---|---|
Red Hat Ceph Storage 1.3 | calamari-server | Will not fix | | |
Red Hat Ceph Storage 2 | python-django | Will not fix | | |
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | python-django | Will not fix | | |
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | python-django | Will not fix | | |
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-django | Will not fix | | |
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools | python-django | Will not fix | | |
Red Hat OpenStack Platform 10 (Newton) | python-django | Will not fix | | |
Red Hat OpenStack Platform 10 (Newton) Operational Tools | python-django | Will not fix | | |
Red Hat OpenStack Platform 8 (Liberty) | python-django | Will not fix | | |
Red Hat OpenStack Platform 8 (Liberty) Operational Tools | python-django | Will not fix | | |
Additional information
Status:
EPSS:
CVSS3: 7.4 High
CVSS2: 4 Medium