5
CVE-2014-0473
- EPSS 0.37%
- Veröffentlicht 23.04.2014 15:55:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle security@debian.org
- Teams Watchlist Login
- Unerledigt Login
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Djangoproject ≫ Django Version1.5
Djangoproject ≫ Django Version1.5.1
Djangoproject ≫ Django Version1.5.2
Djangoproject ≫ Django Version1.5.3
Djangoproject ≫ Django Version1.5.4
Djangoproject ≫ Django Version1.5.5
Djangoproject ≫ Django Version1.6
Djangoproject ≫ Django Version1.6.1
Djangoproject ≫ Django Version1.6.2
Djangoproject ≫ Django Version1.7 Updatealpha1
Djangoproject ≫ Django Version1.7 Updatealpha2
Djangoproject ≫ Django Version1.7 Updatebeta1
Djangoproject ≫ Django Version <= 1.4.10
Djangoproject ≫ Django Version1.4
Djangoproject ≫ Django Version1.4.1
Djangoproject ≫ Django Version1.4.2
Djangoproject ≫ Django Version1.4.3
Djangoproject ≫ Django Version1.4.4
Djangoproject ≫ Django Version1.4.5
Djangoproject ≫ Django Version1.4.6
Djangoproject ≫ Django Version1.4.7
Djangoproject ≫ Django Version1.4.8
Djangoproject ≫ Django Version1.4.9
Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version12.04 Update- Editionlts
Canonical ≫ Ubuntu Linux Version12.10
Canonical ≫ Ubuntu Linux Version13.10
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.557 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|