Description
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.
Release | Status | Note |
---|---|---|
devel | ignored | |
hardy | ignored | |
lucid | ignored | |
maverick | ignored | |
natty | ignored | |
oneiric | ignored | |
upstream | ignored | |
6.8 Medium
CVSS2
Related vulnerabilities
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x throug ...
6.8 Medium
CVSS2