CVE-2015-5144

EPSS 2.24%
Published 14.07.2015 17:59:07
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version15.04

Canonical ≫ Ubuntu Linux Version15.10

Djangoproject ≫ Django Version <= 1.4.20

Djangoproject ≫ Django Version1.5

Djangoproject ≫ Django Version1.5 Updatealpha

Djangoproject ≫ Django Version1.5 Updatebeta

Djangoproject ≫ Django Version1.5.1

Djangoproject ≫ Django Version1.5.2

Djangoproject ≫ Django Version1.5.3

Djangoproject ≫ Django Version1.5.4

Djangoproject ≫ Django Version1.5.5

Djangoproject ≫ Django Version1.5.6

Djangoproject ≫ Django Version1.5.7

Djangoproject ≫ Django Version1.5.8

Djangoproject ≫ Django Version1.5.9

Djangoproject ≫ Django Version1.5.10

Djangoproject ≫ Django Version1.5.11

Djangoproject ≫ Django Version1.5.12

Djangoproject ≫ Django Version1.6 Update-

Djangoproject ≫ Django Version1.6 Updatebeta1

Djangoproject ≫ Django Version1.6 Updatebeta2

Djangoproject ≫ Django Version1.6 Updatebeta3

Djangoproject ≫ Django Version1.6 Updatebeta4

Djangoproject ≫ Django Version1.6.1

Djangoproject ≫ Django Version1.6.2

Djangoproject ≫ Django Version1.6.3

Djangoproject ≫ Django Version1.6.4

Djangoproject ≫ Django Version1.6.5

Djangoproject ≫ Django Version1.6.6

Djangoproject ≫ Django Version1.6.7

Djangoproject ≫ Django Version1.6.8

Djangoproject ≫ Django Version1.6.9

Djangoproject ≫ Django Version1.6.10

Djangoproject ≫ Django Version1.7 Updatebeta1

Djangoproject ≫ Django Version1.7 Updatebeta2

Djangoproject ≫ Django Version1.7 Updatebeta3

Djangoproject ≫ Django Version1.7 Updatebeta4

Djangoproject ≫ Django Version1.7 Updaterc1

Djangoproject ≫ Django Version1.7 Updaterc2

Djangoproject ≫ Django Version1.7 Updaterc3

Djangoproject ≫ Django Version1.7.1

Djangoproject ≫ Django Version1.7.2

Djangoproject ≫ Django Version1.7.3

Djangoproject ≫ Django Version1.7.4

Djangoproject ≫ Django Version1.7.5

Djangoproject ≫ Django Version1.7.6

Djangoproject ≫ Django Version1.7.7

Djangoproject ≫ Django Version1.7.8

Djangoproject ≫ Django Version1.7.9

Djangoproject ≫ Django Version1.8 Updatebeta1

Djangoproject ≫ Django Version1.8.0

Djangoproject ≫ Django Version1.8.1

Djangoproject ≫ Django Version1.8.2

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Oracle ≫ Solaris Version11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.24%	0.84

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html

http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html

http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html

http://www.debian.org/security/2015/dsa-3305

Third Party Advisory

http://www.securitytracker.com/id/1032820

http://www.ubuntu.com/usn/USN-2671-1

Third Party Advisory

https://security.gentoo.org/glsa/201510-06

https://www.djangoproject.com/weblog/2015/jul/08/security-releases/