Lucene search

[email protected]NVD:CVE-2016-9013

HistoryDec 09, 2016 - 8:59 p.m.

CVE-2016-9013

2016-12-0920:59:05

CWE-798

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

Affected configurations

NVD

Node

djangoprojectdjangoMatch1.10

djangoprojectdjangoMatch1.10.1

djangoprojectdjangoMatch1.10.2

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch16.10

Node

djangoprojectdjangoMatch1.9

djangoprojectdjangoMatch1.9.1

djangoprojectdjangoMatch1.9.2

djangoprojectdjangoMatch1.9.3

djangoprojectdjangoMatch1.9.4

djangoprojectdjangoMatch1.9.5

djangoprojectdjangoMatch1.9.6

djangoprojectdjangoMatch1.9.7

djangoprojectdjangoMatch1.9.8

djangoprojectdjangoMatch1.9.9

djangoprojectdjangoMatch1.9.10

Node

djangoprojectdjangoMatch1.8

djangoprojectdjangoMatch1.8.1

djangoprojectdjangoMatch1.8.2

djangoprojectdjangoMatch1.8.3

djangoprojectdjangoMatch1.8.4

djangoprojectdjangoMatch1.8.5

djangoprojectdjangoMatch1.8.6

djangoprojectdjangoMatch1.8.7

djangoprojectdjangoMatch1.8.8

djangoprojectdjangoMatch1.8.9

djangoprojectdjangoMatch1.8.10

djangoprojectdjangoMatch1.8.11

djangoprojectdjangoMatch1.8.12

djangoprojectdjangoMatch1.8.13

djangoprojectdjangoMatch1.8.14

djangoprojectdjangoMatch1.8.15

Node

fedoraprojectfedoraMatch24

fedoraprojectfedoraMatch25

References

www.debian.org/security/2017/dsa-3835

www.securityfocus.com/bid/94069

www.securitytracker.com/id/1037159

www.ubuntu.com/usn/USN-3115-1

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/

www.djangoproject.com/weblog/2016/nov/01/security-releases/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for NVD:CVE-2016-9013

alpinelinux1 cve1 osv4 github1 prion1 ubuntucve1 redhatcve1 cvelist1 debiancve1 nessus7 fedora2 altlinux2 mageia1 openvas6 archlinux2 ubuntu1 freebsd1 debian2