History: Nov 05, 2007 - 12:00 a.m.

CVE-2007-5828

2007-11-05 00:00:00
ubuntu.com

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.002 Low
Percentile: 56.3%

DISPUTED Cross-site request forgery (CSRF) vulnerability in the
admin panel in Django 0.96 allows remote attackers to change passwords of
arbitrary users via a request to admin/auth/user/1/password/. NOTE: this
issue has been disputed by Debian, since product documentation includes a
recommendation for a CSRF protection module that is included with the
product. However, CVE considers this an issue because the default
configuration does not use this module.

Notes

Author: mdeslaur
Note: let’s ignore this also
