7.5

CVE-2016-7401

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
DjangoprojectDjango Version <= 1.8.14
DjangoprojectDjango Version1.9.0
DjangoprojectDjango Version1.9.1
DjangoprojectDjango Version1.9.2
DjangoprojectDjango Version1.9.3
DjangoprojectDjango Version1.9.4
DjangoprojectDjango Version1.9.5
DjangoprojectDjango Version1.9.6
DjangoprojectDjango Version1.9.7
DjangoprojectDjango Version1.9.8
DjangoprojectDjango Version1.9.9
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.13% 0.925
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2016-2038.html
http://rhn.redhat.com/errata/RHSA-2016-2039.html
http://rhn.redhat.com/errata/RHSA-2016-2040.html
http://rhn.redhat.com/errata/RHSA-2016-2041.html
http://rhn.redhat.com/errata/RHSA-2016-2042.html
http://rhn.redhat.com/errata/RHSA-2016-2043.html
http://www.debian.org/security/2016/dsa-3678
Third Party Advisory
http://www.securityfocus.com/bid/93182
Third Party Advisory
http://www.securitytracker.com/id/1036899
Third Party Advisory
http://www.ubuntu.com/usn/USN-3089-1
Third Party Advisory
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
Patch
Vendor Advisory