CVE-2012-4520
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
79.9%
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
Affected configurations
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145
lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html
lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html
lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html
secunia.com/advisories/51033
secunia.com/advisories/51314
securitytracker.com/id?1027708
ubuntu.com/usn/usn-1632-1
ubuntu.com/usn/usn-1757-1
www.debian.org/security/2013/dsa-2634
www.openwall.com/lists/oss-security/2012/10/30/4
www.osvdb.org/86493
bugzilla.redhat.com/show_bug.cgi?id=865164
github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3
github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e
github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071
www.djangoproject.com/weblog/2012/oct/17/security/
Related
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
79.9%