The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 initially tests a URL's validity with a HEAD request, but then uses a GET request for the new target URL when the response is a redirect, which might allow remote malicious users to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.

| Vulnerable Product |
|---|
| djangoproject django 0.91 |
| djangoproject django 1.2.2 |
| djangoproject django 1.0.1 |
| djangoproject django 0.96 |
| djangoproject django 1.2.1 |
| djangoproject django 1.1.2 |
| djangoproject django 1.0.2 |
| djangoproject django |
| djangoproject django 1.1 |
| djangoproject django 1.0 |
| djangoproject django 1.3 |
| djangoproject django 1.2 |
| djangoproject django 1.1.3 |
| djangoproject django 0.95 |
| djangoproject django 0.95.1 |
| djangoproject django 1.2.3 |
| djangoproject django 1.1.0 |
| djangoproject django 1.2.4 |
| djangoproject django 1.2.5 |