8.1

CVE-2016-9014

EPSS 4.31%
Veröffentlicht 09.12.2016 20:59:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version24

Fedoraproject ≫ Fedora Version25

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.10

Djangoproject ≫ Django Version1.8

Djangoproject ≫ Django Version1.8.1

Djangoproject ≫ Django Version1.8.2

Djangoproject ≫ Django Version1.8.3

Djangoproject ≫ Django Version1.8.4

Djangoproject ≫ Django Version1.8.5

Djangoproject ≫ Django Version1.8.6

Djangoproject ≫ Django Version1.8.7

Djangoproject ≫ Django Version1.8.8

Djangoproject ≫ Django Version1.8.9

Djangoproject ≫ Django Version1.8.10

Djangoproject ≫ Django Version1.8.11

Djangoproject ≫ Django Version1.8.12

Djangoproject ≫ Django Version1.8.13

Djangoproject ≫ Django Version1.8.14

Djangoproject ≫ Django Version1.8.15

Djangoproject ≫ Django Version1.10

Djangoproject ≫ Django Version1.10.1

Djangoproject ≫ Django Version1.10.2

Djangoproject ≫ Django Version1.9

Djangoproject ≫ Django Version1.9.1

Djangoproject ≫ Django Version1.9.2

Djangoproject ≫ Django Version1.9.3

Djangoproject ≫ Django Version1.9.4

Djangoproject ≫ Django Version1.9.5

Djangoproject ≫ Django Version1.9.6

Djangoproject ≫ Django Version1.9.7

Djangoproject ≫ Django Version1.9.8

Djangoproject ≫ Django Version1.9.9

Djangoproject ≫ Django Version1.9.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.31%	0.884

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.debian.org/security/2017/dsa-3835

http://www.securitytracker.com/id/1037159

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-3115-1

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/

https://www.djangoproject.com/weblog/2016/nov/01/security-releases/

Vendor Advisory

Release Notes

http://www.securityfocus.com/bid/94068

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-9014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9014

EUVD