CVE-2019-12781

🗓️ 01 Jul 2019 14:15:10Reported by [email protected]Type

Issue in Django not redirecting HTTP request to HTTPS with SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT setting

Reporter	Title	Published	Views	Family All 128
ALT Linux	Security fix for the ALT Linux 9 package python3-module-django version 2.2.3-alt1	15 Jul 201900:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package python3-module-django version 2.2.3-alt1	15 Jul 201900:00	–	altlinux
AlpineLinux	CVE-2019-12781	1 Jul 201913:56	–	alpinelinux
ArchLinux	[ASA-201907-2] python-django: silent downgrade	6 Jul 201900:00	–	archlinux
ArchLinux	[ASA-201907-3] python2-django: silent downgrade	6 Jul 201900:00	–	archlinux
FreeBSD	Django -- Incorrect HTTP detection with reverse-proxy connecting via HTTPS	1 Jul 201900:00	–	freebsd
BDU FSTEC	The vulnerability of the `django.http.HttpRequest.scheme` component in the Django library for the Python programming language allows attackers to access protected information.	16 Jul 201900:00	–	bdu_fstec
CNVD	Django Security Bypass Vulnerability (CNVD-2019-21074)	3 Jul 201900:00	–	cnvd
CVE	CVE-2019-12781	1 Jul 201913:56	–	cve
Cvelist	CVE-2019-12781	1 Jul 201913:56	–	cvelist

NVD

Node

djangoproject djangoRange1.11–1.11.22

Node

Source	Link
seclists	www.seclists.org/bugtraq/2019/Jul/10
debian	www.debian.org/security/2019/dsa-4476
security	www.security.netapp.com/advisory/ntap-20190705-0002/
djangoproject	www.djangoproject.com/weblog/2019/jul/01/security-releases/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
docs	www.docs.djangoproject.com/en/dev/releases/security/
lists	www.lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
groups	www.groups.google.com/forum/
lists	www.lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
usn	www.usn.ubuntu.com/4043-1/

21 Nov 2024 04:23Current

5.5Medium risk

Vulners AI Score5.5

CVSS 25

CVSS 35.3

EPSS0.04217