CVSS2: 6 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS: 0.004 Low
Percentile: 72.9%
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
www.debian.org/security/2014/dsa-3010
github.com/django/django/blob/aa3cb3f37265be37d892e2b391ff023e9caee2a4/docs/releases/1.5.9.txt#L42
github.com/django/django/commit/0268b855f9eab3377f2821164ef3e66037789e09
github.com/django/django/commit/5307ce565fbedb9cc27cbe7c757b41a00438d37c
github.com/django/django/commit/c9e3b9949cd55f090591fbdc4a114fcb8368b6d9
github.com/django/django/commit/dd68f319b365f6cb38c5a6c106faf4f6142d7d88
nvd.nist.gov/vuln/detail/CVE-2014-0482
www.djangoproject.com/weblog/2014/aug/20/security