5.3

CVE-2019-12781

EPSS 15.53%
Veröffentlicht 01.07.2019 14:15:10
Zuletzt bearbeitet 21.11.2024 04:23:33
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Djangoproject ≫ Django Version >= 1.11 < 1.11.22

Djangoproject ≫ Django Version >= 2.1 < 2.1.10

Djangoproject ≫ Django Version >= 2.2 < 2.2.3

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Canonical ≫ Ubuntu Linux Version19.04

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.53%	0.944

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://docs.djangoproject.com/en/dev/releases/security/

Patch

Vendor Advisory

https://seclists.org/bugtraq/2019/Jul/10

Third Party Advisory

https://www.debian.org/security/2019/dsa-4476

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html

https://usn.ubuntu.com/4043-1/

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/07/01/3

Patch

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/109018

Third Party Advisory

https://groups.google.com/forum/#%21topic/django-announce/Is4kLY9ZcZQ

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/

https://security.netapp.com/advisory/ntap-20190705-0002/

Third Party Advisory

https://www.djangoproject.com/weblog/2019/jul/01/security-releases/

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12781

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12781

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12781

EUVD