← Voltar para CVEs

CVE-2014-0482

N/A

Descricao

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

Detalhes CVE

Pontuacao CVSS v3.1N/A

Publicado8/26/2014

Ultima modificacao4/12/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

djangoproject:djangoopensuse:opensuse

Fraquezas (CWE)

CWE-287

Referencias

http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html(security@debian.org)

http://secunia.com/advisories/59782(security@debian.org)

http://secunia.com/advisories/61276(security@debian.org)

http://secunia.com/advisories/61281(security@debian.org)

http://www.debian.org/security/2014/dsa-3010(security@debian.org)

https://www.djangoproject.com/weblog/2014/aug/20/security/(security@debian.org)

http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/59782(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/61276(af854a3a-2127-422b-91ae-364da2661108)

http://secunia.com/advisories/61281(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2014/dsa-3010(af854a3a-2127-422b-91ae-364da2661108)

https://www.djangoproject.com/weblog/2014/aug/20/security/(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.