5

CVE-2015-0219

Exploit
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DjangoprojectDjango Version <= 1.4.17
DjangoprojectDjango Version1.6
DjangoprojectDjango Version1.6.1
DjangoprojectDjango Version1.6.2
DjangoprojectDjango Version1.6.3
DjangoprojectDjango Version1.6.4
DjangoprojectDjango Version1.6.5
DjangoprojectDjango Version1.6.6
DjangoprojectDjango Version1.6.7
DjangoprojectDjango Version1.6.8
DjangoprojectDjango Version1.6.9
DjangoprojectDjango Version1.7
DjangoprojectDjango Version1.7.1
DjangoprojectDjango Version1.7.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.78% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://advisories.mageia.org/MGASA-2015-0026.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148696.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
http://secunia.com/advisories/62285
http://secunia.com/advisories/62309
http://secunia.com/advisories/62718
http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
http://www.ubuntu.com/usn/USN-2469-1
Patch
Vendor Advisory
https://www.djangoproject.com/weblog/2015/jan/13/security/
Patch
Vendor Advisory
Exploit