Showing 1 - 4 of 4

CVE-2014-0482

Status Candidate

Overview

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

Related Files

Gentoo Linux Security Advisory 201412-22: Posted Dec 15, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201412-22 - Multiple vulnerabilities have been found in Django, the worst of which may lead to Denial of Service. Versions less than 1.6.7 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483; SHA-256 | f7c853cbb69afa4284b4d978bb8f2dc5df475833df9c29ae53b639476cb70428; Download | Favorite | View

Ubuntu Security Notice USN-2347-1: Posted Sep 16, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2347-1 - Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Django to consume resources, resulting in a denial of service. David Greisen discovered that Django incorrectly handled certain headers in contrib.auth.middleware.RemoteUserMiddleware. A remote authenticated user could use this issue to hijack web sessions. Various other issues were also addressed.; tags | advisory, remote, web, denial of service; systems | linux, ubuntu; advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483; SHA-256 | 0fab862d5b1bf1e311cd2052effe8e9230369135c3f2d4d77dc7db7767e25cc3; Download | Favorite | View

Mandriva Linux Security Advisory 2014-179: Posted Sep 8, 2014; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2014-179 - Updated python-django packages fix security vulnerabilities. These releases address an issue with reverse() generating external URLs, a denial of service involving file uploads, a potential session hijacking issue in the remote-user middleware, and a data leak in the administrative interface.; tags | advisory, remote, denial of service, vulnerability, python, file upload; systems | linux, mandriva; advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483; SHA-256 | 6c6ad9e0a3a6bafcc98db8f311aef9fa1f50f5df6bd7c716ee23a99b64a4d279; Download | Favorite | View

Debian Security Advisory 3010-1: Posted Aug 25, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3010-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.; tags | advisory, web, vulnerability, python; systems | linux, debian; advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483; SHA-256 | a870a2e3f43337f13da823b837e2b2a580c7b425c4bcfb883aa8dcf8c3bf1b98; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2014-0482

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems