5
CVE-2014-0473
- EPSS 0.37%
- Published 23.04.2014 15:55:03
- Last modified 12.04.2025 10:46:40
- Source security@debian.org
- Teams watchlist Login
- Open Login
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
Data is provided by the National Vulnerability Database (NVD)
Djangoproject ≫ Django Version1.5
Djangoproject ≫ Django Version1.5.1
Djangoproject ≫ Django Version1.5.2
Djangoproject ≫ Django Version1.5.3
Djangoproject ≫ Django Version1.5.4
Djangoproject ≫ Django Version1.5.5
Djangoproject ≫ Django Version1.6
Djangoproject ≫ Django Version1.6.1
Djangoproject ≫ Django Version1.6.2
Djangoproject ≫ Django Version1.7 Updatealpha1
Djangoproject ≫ Django Version1.7 Updatealpha2
Djangoproject ≫ Django Version1.7 Updatebeta1
Djangoproject ≫ Django Version <= 1.4.10
Djangoproject ≫ Django Version1.4
Djangoproject ≫ Django Version1.4.1
Djangoproject ≫ Django Version1.4.2
Djangoproject ≫ Django Version1.4.3
Djangoproject ≫ Django Version1.4.4
Djangoproject ≫ Django Version1.4.5
Djangoproject ≫ Django Version1.4.6
Djangoproject ≫ Django Version1.4.7
Djangoproject ≫ Django Version1.4.8
Djangoproject ≫ Django Version1.4.9
Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version12.10
Canonical ≫ Ubuntu Linux Version13.10
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.557 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|