8.1

CVE-2016-9014

EPSS 4.31%
Published 09.12.2016 20:59:06
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

Affected products Warnungen 0 Metrics 3 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version24

Fedoraproject ≫ Fedora Version25

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.10

Djangoproject ≫ Django Version1.8

Djangoproject ≫ Django Version1.8.1

Djangoproject ≫ Django Version1.8.2

Djangoproject ≫ Django Version1.8.3

Djangoproject ≫ Django Version1.8.4

Djangoproject ≫ Django Version1.8.5

Djangoproject ≫ Django Version1.8.6

Djangoproject ≫ Django Version1.8.7

Djangoproject ≫ Django Version1.8.8

Djangoproject ≫ Django Version1.8.9

Djangoproject ≫ Django Version1.8.10

Djangoproject ≫ Django Version1.8.11

Djangoproject ≫ Django Version1.8.12

Djangoproject ≫ Django Version1.8.13

Djangoproject ≫ Django Version1.8.14

Djangoproject ≫ Django Version1.8.15

Djangoproject ≫ Django Version1.10

Djangoproject ≫ Django Version1.10.1

Djangoproject ≫ Django Version1.10.2

Djangoproject ≫ Django Version1.9

Djangoproject ≫ Django Version1.9.1

Djangoproject ≫ Django Version1.9.2

Djangoproject ≫ Django Version1.9.3

Djangoproject ≫ Django Version1.9.4

Djangoproject ≫ Django Version1.9.5

Djangoproject ≫ Django Version1.9.6

Djangoproject ≫ Django Version1.9.7

Djangoproject ≫ Django Version1.9.8

Djangoproject ≫ Django Version1.9.9

Djangoproject ≫ Django Version1.9.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.31%	0.884

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.debian.org/security/2017/dsa-3835

http://www.securitytracker.com/id/1037159

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-3115-1

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/

https://www.djangoproject.com/weblog/2016/nov/01/security-releases/

Vendor Advisory

Release Notes

http://www.securityfocus.com/bid/94068

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-9014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9014

EUVD