CVE-2012-4520
Published Nov 18, 2012
Last updated 12 years ago
Overview
- Description
- The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F5428AE-6B63-4D27-BCC4-F228264A6F0E"
},
{
"criteria": "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06F122AC-B9BF-4E27-A7C0-F3E7B5E8A907"
},
{
"criteria": "cpe:2.3:a:djangoproject:django:1.3:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33D378F8-CFDC-4882-A838-406ABA7AD8CC"
},
{
"criteria": "cpe:2.3:a:djangoproject:django:1.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "132795AE-92DD-42CB-A59E-5F7136F93B46"
},
{
"criteria": "cpe:2.3:a:djangoproject:django:1.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B5BE262-260E-4250-8F68-7392FD68970E"
},
{
"criteria": "cpe:2.3:a:djangoproject:django:1.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F18B54E2-447B-4B38-9E88-6833F67EB24C"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A79FF7F-8F92-4FEB-96CC-6B15D0CE920D"
},
{
"criteria": "cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13EF02D4-406C-4146-9B8F-FAC906E7B6E5"
}
],
"operator": "OR"
}
]
}
]