Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-4139
Last Modified: 26 Jan 2012 11:03:29
Published: 19 Oct 2011 06:55:04
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-4139

Summary

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.

Vulnerable Systems

Application

  • Djangoproject Django 0.91

  • Djangoproject Django 0.95

  • Djangoproject Django 0.95.1

  • Djangoproject Django 0.96

  • Djangoproject Django 1.0

  • Djangoproject Django 1.0.1

  • Djangoproject Django 1.0.2

  • Djangoproject Django 1.1

  • Djangoproject Django 1.1.0

  • Djangoproject Django 1.1.2

  • Djangoproject Django 1.1.3

  • Djangoproject Django 1.2

  • Djangoproject Django 1.2.1

  • Djangoproject Django 1.2.2

  • Djangoproject Django 1.2.3

  • Djangoproject Django 1.2.4

  • Djangoproject Django 1.2.5

  • Djangoproject Django 1.2.6

  • Djangoproject Django 1.3


References

CONFIRM - https://www.djangoproject.com/weblog/2011/sep/10/127/

CONFIRM - https://www.djangoproject.com/weblog/2011/sep/09/

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=737366

MLIST - [oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws

MLIST - [oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws

DEBIAN - DSA-2332

SECUNIA - 46614


Last Updated: 27 May 2016 10:57:23