9.8
CVE-2016-9013
- EPSS 2.4%
- Published 09.12.2016 20:59:05
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.
Data is provided by the National Vulnerability Database (NVD)
Djangoproject ≫ Django Version 1.10
Djangoproject ≫ Django Version 1.10.1
Djangoproject ≫ Django Version 1.10.2
Canonical ≫ Ubuntu Linux Version 12.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 14.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 16.04 SwEdition lts
Canonical ≫ Ubuntu Linux Version 16.10
Djangoproject ≫ Django Version 1.9
Djangoproject ≫ Django Version 1.9.1
Djangoproject ≫ Django Version 1.9.2
Djangoproject ≫ Django Version 1.9.3
Djangoproject ≫ Django Version 1.9.4
Djangoproject ≫ Django Version 1.9.5
Djangoproject ≫ Django Version 1.9.6
Djangoproject ≫ Django Version 1.9.7
Djangoproject ≫ Django Version 1.9.8
Djangoproject ≫ Django Version 1.9.9
Djangoproject ≫ Django Version 1.9.10
Djangoproject ≫ Django Version 1.8
Djangoproject ≫ Django Version 1.8.1
Djangoproject ≫ Django Version 1.8.2
Djangoproject ≫ Django Version 1.8.3
Djangoproject ≫ Django Version 1.8.4
Djangoproject ≫ Django Version 1.8.5
Djangoproject ≫ Django Version 1.8.6
Djangoproject ≫ Django Version 1.8.7
Djangoproject ≫ Django Version 1.8.8
Djangoproject ≫ Django Version 1.8.9
Djangoproject ≫ Django Version 1.8.10
Djangoproject ≫ Django Version 1.8.11
Djangoproject ≫ Django Version 1.8.12
Djangoproject ≫ Django Version 1.8.13
Djangoproject ≫ Django Version 1.8.14
Djangoproject ≫ Django Version 1.8.15
Fedoraproject ≫ Fedora Version 24
Fedoraproject ≫ Fedora Version 25
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.4% | 0.845 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.