5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.5%
Django security releases issued:
When deployed behind a reverse-proxy connecting to Django via HTTPS,
django.http.HttpRequest.scheme would incorrectly detect client requests
made via HTTP as using HTTPS. This entails incorrect results for is_secure(),
and build_absolute_uri(), and that HTTP requests would not be redirected to
HTTPS in accordance with SECURE_SSL_REDIRECT.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | py27-django111 | < 1.11.22 | UNKNOWN |
FreeBSD | any | noarch | py35-django111 | < 1.11.22 | UNKNOWN |
FreeBSD | any | noarch | py36-django111 | < 1.11.22 | UNKNOWN |
FreeBSD | any | noarch | py37-django111 | < 1.11.22 | UNKNOWN |
FreeBSD | any | noarch | py35-django21 | < 2.1.10 | UNKNOWN |
FreeBSD | any | noarch | py36-django21 | < 2.1.10 | UNKNOWN |
FreeBSD | any | noarch | py37-django21 | < 2.1.10 | UNKNOWN |
FreeBSD | any | noarch | py35-django22 | < 2.2.3 | UNKNOWN |
FreeBSD | any | noarch | py36-django22 | < 2.2.3 | UNKNOWN |
FreeBSD | any | noarch | py37-django22 | < 2.2.3 | UNKNOWN |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.5%