6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.9%
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django
before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before
release candidate 3, when using the contrib.auth.backends.RemoteUserBackend
backend, allows remote authenticated users to hijack web sessions via
vectors related to the REMOTE_USER header.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | python-django | < 1.1.1-2ubuntu1.13 | UNKNOWN |
ubuntu | 12.04 | noarch | python-django | < 1.3.1-4ubuntu1.12 | UNKNOWN |
ubuntu | 14.04 | noarch | python-django | < 1.6.1-2ubuntu0.4 | UNKNOWN |