Oval Definition:oval:org.opensuse.security:def:201912781
Revision Date:2022-06-30Version:1
Title:CVE-2019-12781
Description:

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-12781
SUSE-SU-2019:2257-1
SUSE-SU-2019:2335-1
SUSE-SU-2019:2379-1
SUSE-SU-2019:3127-1
openSUSE-SU-2019:1839-1
openSUSE-SU-2019:1872-1
Mitre CVE-2019-12781
SUSE CVE-2019-12781
SUSE-SU-2019:2335-1
SUSE-SU-2019:2379-1
SUSE-SU-2019:3127-1
openSUSE-SU-2019:1839-1
openSUSE-SU-2019:1872-1
Platform(s):openSUSE Leap 15.1
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-Django-1.8.19-3.18.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-Django-1.11.23-3.12.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.23-3.9.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • python-Django-2.2.4-lp151.2.3 is installed
  • AND python-Django is signed with openSUSE key
  • OR
  • python3-Django-2.2.4-lp151.2.3 is installed
  • AND python3-Django is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • python36-Django-3.2.7-2.3 is installed
  • OR python38-Django-3.2.7-2.3 is installed
  • OR python39-Django-3.2.7-2.3 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND python3-Django-2.2.4-bp151.3.3.1 is installed
    • BACK