6.4

CVE-2012-4520

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DjangoprojectDjango Version1.3
DjangoprojectDjango Version1.3 Updatealpha1
DjangoprojectDjango Version1.3 Updatebeta1
DjangoprojectDjango Version1.3.1
DjangoprojectDjango Version1.3.2
DjangoprojectDjango Version1.3.3
DjangoprojectDjango Version1.4
DjangoprojectDjango Version1.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.64% 0.881
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html
http://secunia.com/advisories/51033
Vendor Advisory
http://secunia.com/advisories/51314
Vendor Advisory
http://securitytracker.com/id?1027708
http://ubuntu.com/usn/usn-1632-1
http://ubuntu.com/usn/usn-1757-1
http://www.debian.org/security/2013/dsa-2634
http://www.openwall.com/lists/oss-security/2012/10/30/4
http://www.osvdb.org/86493
https://bugzilla.redhat.com/show_bug.cgi?id=865164
https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3
https://github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e
https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071
https://www.djangoproject.com/weblog/2012/oct/17/security/
Patch
Vendor Advisory