Lucene search

[email protected]NVD:CVE-2014-3730

HistoryMay 16, 2014 - 3:55 p.m.

CVE-2014-3730

2014-05-1615:55:05

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.005

Percentile

75.2%

JSON

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by “http:\\djangoproject.com.”

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

canonicalubuntu_linuxMatch14.04lts

Node

djangoprojectdjangoMatch1.4

djangoprojectdjangoMatch1.4.1

djangoprojectdjangoMatch1.4.2

djangoprojectdjangoMatch1.4.4

djangoprojectdjangoMatch1.4.5

djangoprojectdjangoMatch1.4.6

djangoprojectdjangoMatch1.4.7

djangoprojectdjangoMatch1.4.8

djangoprojectdjangoMatch1.4.9

djangoprojectdjangoMatch1.4.10

djangoprojectdjangoMatch1.4.11

djangoprojectdjangoMatch1.4.12

Node

djangoprojectdjangoMatch1.7beta1

djangoprojectdjangoMatch1.7beta2

djangoprojectdjangoMatch1.7beta3

Node

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

djangoprojectdjangoMatch1.6-

djangoprojectdjangoMatch1.6beta1

djangoprojectdjangoMatch1.6beta2

djangoprojectdjangoMatch1.6beta3

djangoprojectdjangoMatch1.6beta4

djangoprojectdjangoMatch1.6.1

djangoprojectdjangoMatch1.6.2

djangoprojectdjangoMatch1.6.3

djangoprojectdjangoMatch1.6.4

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

djangoprojectdjangoMatch1.5

djangoprojectdjangoMatch1.5alpha

djangoprojectdjangoMatch1.5beta

djangoprojectdjangoMatch1.5.1

djangoprojectdjangoMatch1.5.2

djangoprojectdjangoMatch1.5.3

djangoprojectdjangoMatch1.5.4

djangoprojectdjangoMatch1.5.5

djangoprojectdjangoMatch1.5.6

djangoprojectdjangoMatch1.5.7

VendorProductVersionCPE
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
canonicalubuntu_linux12.10cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
canonicalubuntu_linux13.10cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
djangoprojectdjango1.4cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*
djangoprojectdjango1.4.1cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*
djangoprojectdjango1.4.2cpe:2.3:a:djangoproject:django:1.4.2:*:*:*:*:*:*:*
djangoprojectdjango1.4.4cpe:2.3:a:djangoproject:django:1.4.4:*:*:*:*:*:*:*
djangoprojectdjango1.4.5cpe:2.3:a:djangoproject:django:1.4.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
canonical	ubuntu_linux	12.10	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
canonical	ubuntu_linux	13.10	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
djangoproject	django	1.4	cpe:2.3:a:djangoproject:django:1.4:::::::*
djangoproject	django	1.4.1	cpe:2.3:a:djangoproject:django:1.4.1:::::::*
djangoproject	django	1.4.2	cpe:2.3:a:djangoproject:django:1.4.2:::::::*
djangoproject	django	1.4.4	cpe:2.3:a:djangoproject:django:1.4.4:::::::*
djangoproject	django	1.4.5	cpe:2.3:a:djangoproject:django:1.4.5:::::::*