Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-7401

Опубликовано: 03 окт. 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

РелизСтатусПримечание
devel

released

1.8.7-1ubuntu8
esm-infra-legacy/trusty

not-affected

1.6.1-2ubuntu0.15
esm-infra/xenial

not-affected

1.8.7-1ubuntu5.2
precise

released

1.3.1-4ubuntu1.21
trusty

released

1.6.1-2ubuntu0.15
trusty/esm

not-affected

1.6.1-2ubuntu0.15
upstream

released

1.8.15,1.9.10
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

released

1.8.7-1ubuntu5.2

Показывать по

Ссылки на источники

EPSS

Процентиль: 86%
0.02907
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-7401

CVSS3: 6.1
redhat
больше 8 лет назад

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

nvd логотип

CVE-2016-7401

CVSS3: 7.5
nvd
больше 8 лет назад

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

debian логотип

CVE-2016-7401

CVSS3: 7.5
debian
больше 8 лет назад

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.1 ...

github логотип

GHSA-crhm-qpjc-cm64

CVSS3: 7.5
github
около 3 лет назад

Django CSRF Protection Bypass

suse-cvrf логотип

openSUSE-SU-2018:0826-1

suse-cvrf
около 7 лет назад

Security update for python-Django

EPSS

Процентиль: 86%
0.02907
Низкий

5 Medium

CVSS2

7.5 High

CVSS3