CVE-2008-3909

Published: 04/09/2008 Updated: 08/03/2011
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.

Vulnerable Products

django project django 0.95

django project django 0.96

django project django 0.91

Vendor Advisories

Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross-site request forgery. This is possible regardless of whether the Django plugin to prevent cross-site request forgery is enabled. The Commo ...