Lucene search

[email protected]CVE-2015-5144

HistoryJul 14, 2015 - 5:59 p.m.

CVE-2015-5144

2015-07-1417:59:07

CWE-20

[email protected]

web.nvd.nist.gov

django

http response splitting

cve-2015-5144

emailvalidator

urlvalidator

validate_ipv4_address

validate_slug validator

nvd

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.7%

JSON

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

canonicalubuntu_linuxMatch15.10

Node

djangoprojectdjangoRange≤1.4.20

djangoprojectdjangoMatch1.5

djangoprojectdjangoMatch1.5alpha

djangoprojectdjangoMatch1.5beta

djangoprojectdjangoMatch1.5.1

djangoprojectdjangoMatch1.5.2

djangoprojectdjangoMatch1.5.3

djangoprojectdjangoMatch1.5.4

djangoprojectdjangoMatch1.5.5

djangoprojectdjangoMatch1.5.6

djangoprojectdjangoMatch1.5.7

djangoprojectdjangoMatch1.5.8

djangoprojectdjangoMatch1.5.9

djangoprojectdjangoMatch1.5.10

djangoprojectdjangoMatch1.5.11

djangoprojectdjangoMatch1.5.12

djangoprojectdjangoMatch1.6-

djangoprojectdjangoMatch1.6beta1

djangoprojectdjangoMatch1.6beta2

djangoprojectdjangoMatch1.6beta3

djangoprojectdjangoMatch1.6beta4

djangoprojectdjangoMatch1.6.1

djangoprojectdjangoMatch1.6.2

djangoprojectdjangoMatch1.6.3

djangoprojectdjangoMatch1.6.4

djangoprojectdjangoMatch1.6.5

djangoprojectdjangoMatch1.6.6

djangoprojectdjangoMatch1.6.7

djangoprojectdjangoMatch1.6.8

djangoprojectdjangoMatch1.6.9

djangoprojectdjangoMatch1.6.10

djangoprojectdjangoMatch1.7beta1

djangoprojectdjangoMatch1.7beta2

djangoprojectdjangoMatch1.7beta3

djangoprojectdjangoMatch1.7beta4

djangoprojectdjangoMatch1.7rc1

djangoprojectdjangoMatch1.7rc2

djangoprojectdjangoMatch1.7rc3

djangoprojectdjangoMatch1.7.1

djangoprojectdjangoMatch1.7.2

djangoprojectdjangoMatch1.7.3

djangoprojectdjangoMatch1.7.4

djangoprojectdjangoMatch1.7.5

djangoprojectdjangoMatch1.7.6

djangoprojectdjangoMatch1.7.7

djangoprojectdjangoMatch1.7.8

djangoprojectdjangoMatch1.7.9

djangoprojectdjangoMatch1.8beta1

djangoprojectdjangoMatch1.8.0

djangoprojectdjangoMatch1.8.1

djangoprojectdjangoMatch1.8.2

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

oraclesolarisMatch11.3

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.10

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.10