| Metric | Value |
|---|---|
| AI Score | 7.4 High (Confidence: Low) |
| CVSS2 | 6.8 Medium |
| Access Vector | NETWORK |
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| CVSS2 Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| EPSS | 0.004 Low |
| EPSS Percentile | 72.4% |
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through
1.3.1 does not properly handle web-server configurations supporting
arbitrary HTTP Host headers, which allows remote attackers to trigger
unauthenticated forged requests via vectors involving a DNS CNAME record
and a web page containing JavaScript code.
| Author | Note |
|---|---|
| jdstrand | Upstream does not consider this a bug in Django but instead advises that web servers be properly configured: "To avoid this potential attack, we recommend that users of Django ensure their web-server configuration always validates incoming HTTP Host headers against the expected host name, disallows requests with no Host header, and that the web server not be configured with a catch-all virtual host which forwards requests to a Django application." In addition to the vulnerabilities python-django disclosed, they also posted 3 advisories. 2 of them did not receive a CVE, but this one did. Upstream is not planning on fixing the issue as it is dependent on an insecure server configuration, as such there is nothing to be done in Ubuntu. |
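Django's CSRF middleware derives the origin it trusts from `request.get_host()`, which is populated from the Host header the web server forwards, so the upstream advice above amounts to making the front-end server the trust boundary for that header. The following is an added example, not code from the advisory or from Django: a WSGI wrapper that applies the three recommendations (reject requests with no Host, reject a Host that is not on an explicit allow-list, and never act as a catch-all) in front of the application, for deployments where the web server itself cannot be configured that way. The `ALLOWED_HOSTS` list, the `host_validating_app` name and the test hosts are hypothetical. Later Django releases added an `ALLOWED_HOSTS` setting that performs this check inside the framework; the wrapper here is useful where the affected versions must stay in place or where the framework check should be backed by one at the edge.

```python
"""
Host-header validation in front of a WSGI (e.g. Django) application.

Added example for CVE-2011-4140, not part of Django or of the advisory.
Assumptions (hypothetical): the allow-list below and the host names used
in the self-test at the bottom.
"""
import re

# Hypothetical allow-list. Entries are lower-case names without a port;
# a leading "." allows the domain itself and every subdomain of it.
ALLOWED_HOSTS = ["www.example.com", ".api.example.com"]

# host or [ipv6-literal], optionally followed by :port. Anything outside
# this syntax (spaces, CR/LF, slashes, "@") is rejected outright.
_HOST_RE = re.compile(r"^(\[[0-9a-f:.]+\]|[a-z0-9.-]+)(?::([0-9]{1,5}))?\Z")


def canonical_host(raw):
    """Return the lower-case host name with any port removed, or None.

    None means "no usable Host header": the value was absent, empty, or
    did not match the host[:port] syntax. A trailing dot ("host.") is the
    same DNS name and is stripped so it cannot be used to dodge the list.
    """
    if raw is None:
        return None
    m = _HOST_RE.match(raw.strip().lower())
    if not m:
        return None
    host = m.group(1)
    if host.endswith("."):
        host = host[:-1]
    return host


def host_is_allowed(host, allowed=ALLOWED_HOSTS):
    """True if host exactly matches an entry or falls under a ".domain" entry."""
    if not host:
        return False
    for pattern in allowed:
        pattern = pattern.lower()
        if pattern.startswith("."):
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


def host_validating_app(app, allowed=ALLOWED_HOSTS):
    """Wrap `app` so that only requests with an allowed Host reach it.

    Requests with no Host header (HTTP/1.0 style) or with a Host that is
    not on the allow-list get a 400 and are never forwarded, which is the
    opposite of a catch-all virtual host.
    """
    def wrapper(environ, start_response):
        # A framework configured to trust X-Forwarded-Host would let it
        # override Host, so the wrapper drops it rather than forwarding it.
        environ.pop("HTTP_X_FORWARDED_HOST", None)
        host = canonical_host(environ.get("HTTP_HOST"))
        if not host_is_allowed(host, allowed):
            body = b"400 Bad Request: missing or invalid Host header\n"
            start_response("400 Bad Request", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return app(environ, start_response)
    return wrapper


def _echo_app(environ, start_response):
    """Stand-in for the Django application: echoes the Host it was given."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello from " + environ["HTTP_HOST"].encode("ascii")]


def request_status(app, host_header):
    """Drive `app` with a minimal constructed WSGI environ; return (status, body).

    host_header=None simulates a request that carries no Host header at all.
    """
    environ = {
        "REQUEST_METHOD": "GET", "PATH_INFO": "/", "SERVER_NAME": "example",
        "SERVER_PORT": "80", "wsgi.url_scheme": "http",
    }
    if host_header is not None:
        environ["HTTP_HOST"] = host_header
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    app = host_validating_app(_echo_app)
    for h in ["www.example.com", "WWW.Example.COM:8443", "v1.api.example.com",
              None, "", "attacker.example.org", "www.example.com.evil.org"]:
        print(repr(h), "->", request_status(app, h)[0])
```

The allow-list must be explicit names, not a regular expression that happens to match the attacker's CNAME target; the point of the advisory is that any name the server answers for becomes an origin the CSRF check will trust.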