| Field | Value |
|---|---|
| Vulnerability Name | CVE-2012-4520 (CCN-79478) |
| Assigned | 2012-10-17 |
| Published | 2012-10-17 |
| Updated | 2013-05-04 |
| Summary | The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values. |
| CVSS v3 Severity | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) |
| CVSS v2 Severity | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N); 4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C); 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) |
| Vulnerability Type | CWE-20 |
| Vulnerability Consequences | Obtain Information |
| Vulnerable Configuration | Configuration 1 / Configuration 2 / Configuration CCN 1 |

References:

- Source: MISC; Type: UNKNOWN; http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145
- Source: MITRE; Type: CNA; CVE-2012-4520
- Source: FEDORA; Type: UNKNOWN; FEDORA-2012-16406
- Source: FEDORA; Type: UNKNOWN; FEDORA-2012-16417
- Source: FEDORA; Type: UNKNOWN; FEDORA-2012-16440
- Source: CCN; Type: SA51033; Django Host Header Handling Weakness
- Source: SECUNIA; Type: Vendor Advisory; 51033
- Source: SECUNIA; Type: Vendor Advisory; 51314
- Source: SECTRACK; Type: UNKNOWN; 1027708
- Source: UBUNTU; Type: UNKNOWN; USN-1632-1
- Source: UBUNTU; Type: UNKNOWN; USN-1757-1
- Source: DEBIAN; Type: UNKNOWN; DSA-2634
- Source: DEBIAN; Type: DSA-2634; python-django -- several vulnerabilities
- Source: MLIST; Type: UNKNOWN; [oss-security] 20121029 Re: CVE Request: Django
- Source: OSVDB; Type: UNKNOWN; 86493
- Source: CCN; Type: OSVDB ID: 86493; Django HttpRequest.get_host() Method HTTP Host Header Parsing Remote Information Disclosure
- Source: CCN; Type: BID-56146; Django 'HttpRequest.get_host()' Information Disclosure Vulnerability
- Source: MISC; Type: UNKNOWN; https://bugzilla.redhat.com/show_bug.cgi?id=865164
- Source: XF; Type: UNKNOWN; django-host-header-info-disc(79478)
- Source: CONFIRM; Type: UNKNOWN; https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3
- Source: CONFIRM; Type: UNKNOWN; https://github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e
- Source: CONFIRM; Type: UNKNOWN; https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071
- Source: CCN; Type: Django Web site; Security releases issued
- Source: CONFIRM; Type: Patch, Vendor Advisory; https://www.djangoproject.com/weblog/2012/oct/17/security/