Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4 (CVSS v2 base score; vector AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVE Id CVE-2012-4520
Last Modified 03 May 2013 11:20:45
Published 18 Nov 2012 06:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4520

Summary

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 does not reject Host header values that carry a username:password@ component. A remote, unauthenticated attacker who sends a header such as Host: validsite.com:random@evilsite.com (the example given in the Django security advisory) to a site running as validsite.com gets that value back from get_host() unchanged; any part of Django that builds absolute URLs from the request host, notably the password-reset mechanism, then generates and displays a URL whose real host is evilsite.com, since a browser treats everything before the @ as credentials rather than as the host. Django 1.3.4 and 1.4.2 change get_host() to raise django.core.exceptions.SuspiciousOperation for Host values that are not a plain hostname or bracketed IPv6 literal with an optional numeric port. The advisory also notes that attacks which depend on the web server answering for arbitrary Host values are outside Django's control, so the front-end server should be configured to serve only the site's own hostnames independently of this fix.
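The Python program below is an added illustration for this entry, not Django's code: its two get_host() variants are simplified stand-ins for the behaviour before and after the 1.3.4 / 1.4.2 fix (the validation regex follows the host[:port] shape the fix enforces but is written here, not copied from upstream), the SuspiciousHost exception stands in for django.core.exceptions.SuspiciousOperation, the allow-list parameter is an addition for the example, and every request dictionary is a constructed WSGI-style environ of the kind Django exposes as request.META. The hostnames validsite.com and evilsite.com are the ones used in the advisory. It shows the poisoned header passing straight into a password-reset URL, where a browser would contact evilsite.com, and the validated parser refusing it.

```python
# Added example for CVE-2012-4520; not Django's own code. The two get_host()
# variants are simplified stand-ins for the behaviour before and after the
# Django 1.3.4 / 1.4.2 fix, and every request dictionary below is a
# constructed WSGI-style environ (what Django exposes as request.META).
import re
from urllib.parse import urlsplit, urlunsplit


class SuspiciousHost(Exception):
    """Stand-in for django.core.exceptions.SuspiciousOperation."""


def get_host_unvalidated(meta):
    """Pre-fix behaviour (simplified): return the Host header verbatim."""
    if "HTTP_HOST" in meta:
        return meta["HTTP_HOST"]
    # PEP 3333 reconstruction when the client sent no Host header.
    host = meta["SERVER_NAME"]
    port = str(meta.get("SERVER_PORT", "80"))
    return host if port == "80" else "%s:%s" % (host, port)


# A hostname or bracketed IPv6 literal, optionally followed by a numeric
# port. '@' is not in either character class, so a userinfo component
# (user:password@) can never pass.
HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9:]+\])(:\d+)?$")


def get_host_validated(meta, allowed_hosts=None):
    """Post-fix behaviour: reject any Host value that is not host[:port].

    allowed_hosts is an optional allow-list of bare hostnames; it is an
    addition for this example (later Django releases provide the same
    control through the ALLOWED_HOSTS setting).
    """
    host = get_host_unvalidated(meta)
    if not HOST_RE.match(host.lower()):
        raise SuspiciousHost("Invalid HTTP_HOST header: %r" % host)
    if allowed_hosts is not None:
        # Safe to parse with urlsplit now: the regex excluded userinfo,
        # so .hostname is the real host and not text after a stray '@'.
        name = urlsplit("//" + host).hostname
        if name not in [h.lower() for h in allowed_hosts]:
            raise SuspiciousHost("Host not in allow-list: %r" % host)
    return host


def is_rejected(meta, allowed_hosts=None):
    """True if the validated parser refuses this request's Host value."""
    try:
        get_host_validated(meta, allowed_hosts)
    except SuspiciousHost:
        return True
    return False


def password_reset_url(meta, token, get_host):
    """Absolute URL of the kind a password-reset e-mail carries, built
    from whatever get_host() returned for the request."""
    return urlunsplit(("http", get_host(meta), "/reset/%s/" % token, "", ""))


def browser_target(url):
    """Host a browser would actually contact for this URL: anything before
    the '@' in the authority is credentials, not the host."""
    return urlsplit(url).hostname


# Constructed requests: one poisoned as in the Django advisory, one clean.
POISONED = {"HTTP_HOST": "validsite.com:random@evilsite.com",
            "SERVER_NAME": "validsite.com", "SERVER_PORT": "80"}
CLEAN = {"HTTP_HOST": "validsite.com",
         "SERVER_NAME": "validsite.com", "SERVER_PORT": "80"}

if __name__ == "__main__":
    url = password_reset_url(POISONED, "t0k3n", get_host_unvalidated)
    print("pre-fix reset URL:", url)
    print("browser contacts: ", browser_target(url))  # evilsite.com
    print("post-fix rejects poisoned header:", is_rejected(POISONED))
    print("post-fix accepts clean header:   ", get_host_validated(CLEAN))
    print("allow-list rejects other host:   ",
          is_rejected({"HTTP_HOST": "evilsite.com"}, ["validsite.com"]))
```

The regex closes the hole this CVE describes, but it still accepts any syntactically valid hostname, so a server that answers for arbitrary Host values can still be made to mint reset links for a domain the attacker controls; the allow-list check is the structural fix for that, which is why the example keeps both.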

Vulnerable Systems

Application

  • Djangoproject Django 1.3

  • Djangoproject Django 1.3.1

  • Djangoproject Django 1.3.2

  • Djangoproject Django 1.3.3

  • Djangoproject Django 1.4

  • Djangoproject Django 1.4.1


References

CONFIRM - https://www.djangoproject.com/weblog/2012/oct/17/security/

CONFIRM - https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071

CONFIRM - https://github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e

CONFIRM - https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=865164

OSVDB - 86493

MLIST - [oss-security] 20121029 Re: CVE Request: Django

UBUNTU - USN-1632-1

SECTRACK - 1027708

SECUNIA - 51314

SECUNIA - 51033

FEDORA - FEDORA-2012-16440

FEDORA - FEDORA-2012-16417

FEDORA - FEDORA-2012-16406

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145

DEBIAN - DSA-2634

UBUNTU - USN-1757-1


Last Updated: 27 May 2016 10:53:45