CVE-2011-0696

Published Feb 14, 2011

Last updated 14 years ago

Overview

Description: Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56846659-96C8-497C-8404-3975E5B6385B"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DAB4639-B81D-412A-A081-EFF46737CA5D"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF068CD9-B33A-4C51-9FBA-CFDAE91E174E"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26D338D9-1504-4933-B833-BD7F1864E89D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD257D91-EF31-4103-9007-944603ABA271"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99387F31-9E04-4A73-A1C6-C05F96A8DB38"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "064C9403-8A43-42C7-A1FD-03CC49A32FB1"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BCDB95B-88F2-466A-A4F9-4C080183E39B"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17B99C62-A653-45C1-A061-05A8FAD52107"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References