Lucene search

[email protected]NVD:CVE-2016-9014

HistoryDec 09, 2016 - 8:59 p.m.

CVE-2016-9014

2016-12-0920:59:06

CWE-264

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

JSON

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch24

fedoraprojectfedoraMatch25

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch16.10

Node

djangoprojectdjangoMatch1.8

djangoprojectdjangoMatch1.8.1

djangoprojectdjangoMatch1.8.2

djangoprojectdjangoMatch1.8.3

djangoprojectdjangoMatch1.8.4

djangoprojectdjangoMatch1.8.5

djangoprojectdjangoMatch1.8.6

djangoprojectdjangoMatch1.8.7

djangoprojectdjangoMatch1.8.8

djangoprojectdjangoMatch1.8.9

djangoprojectdjangoMatch1.8.10

djangoprojectdjangoMatch1.8.11

djangoprojectdjangoMatch1.8.12

djangoprojectdjangoMatch1.8.13

djangoprojectdjangoMatch1.8.14

djangoprojectdjangoMatch1.8.15

Node

djangoprojectdjangoMatch1.10

djangoprojectdjangoMatch1.10.1

djangoprojectdjangoMatch1.10.2

Node

djangoprojectdjangoMatch1.9

djangoprojectdjangoMatch1.9.1

djangoprojectdjangoMatch1.9.2

djangoprojectdjangoMatch1.9.3

djangoprojectdjangoMatch1.9.4

djangoprojectdjangoMatch1.9.5

djangoprojectdjangoMatch1.9.6

djangoprojectdjangoMatch1.9.7

djangoprojectdjangoMatch1.9.8

djangoprojectdjangoMatch1.9.9

djangoprojectdjangoMatch1.9.10

References

www.debian.org/security/2017/dsa-3835

www.securityfocus.com/bid/94068

www.securitytracker.com/id/1037159

www.ubuntu.com/usn/USN-3115-1

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/

www.djangoproject.com/weblog/2016/nov/01/security-releases/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

JSON

Related for NVD:CVE-2016-9014

cve1 osv4 prion1 ubuntucve1 openvas7 github1 debiancve1 redhatcve1 alpinelinux1 cvelist1 altlinux2 mageia1 archlinux2 nessus9 fedora2 freebsd1 ubuntu1 debian2