CVE-2014-0482

2014-08-2614:55:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2014-0482

django

middleware

remoteusermiddleware

remoteuserbackend

web sessions

security vulnerability

5.8 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.9%

JSON

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

CPENameOperatorVersion
opensuse:opensuseopensuseeq12.3
opensuse:opensuseopensuseeq13.1
djangoproject:djangodjangoproject djangoeq1.6
djangoproject:djangodjangoproject djangoeq1.6.5
djangoproject:djangodjangoproject djangoeq1.6.3
djangoproject:djangodjangoproject djangoeq1.6.4
djangoproject:djangodjangoproject djangoeq1.6.1
djangoproject:djangodjangoproject djangoeq1.6.2
djangoproject:djangodjangoproject djangoeq1.4.12
djangoproject:djangodjangoproject djangoeq1.4.9

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	12.3
opensuse:opensuse	opensuse	eq	13.1
djangoproject:django	djangoproject django	eq	1.6
djangoproject:django	djangoproject django	eq	1.6.5
djangoproject:django	djangoproject django	eq	1.6.3
djangoproject:django	djangoproject django	eq	1.6.4
djangoproject:django	djangoproject django	eq	1.6.1
djangoproject:django	djangoproject django	eq	1.6.2
djangoproject:django	djangoproject django	eq	1.4.12
djangoproject:django	djangoproject django	eq	1.4.9