CVE-2014-0473

Published: 23/04/2014 Updated: 07/01/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The caching framework in Django prior to 1.4.11, 1.5.x prior to 1.5.6, 1.6.x prior to 1.6.3, and 1.7.x prior to 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote malicious users to bypass CSRF protections by reading the CSRF cookie for anonymous users.

Vulnerable Products

djangoproject django 1.5.5
djangoproject django 1.5.4
djangoproject django 1.5.1
djangoproject django 1.5
djangoproject django 1.5.3
djangoproject django 1.5.2
djangoproject django 1.6.1
djangoproject django 1.6
djangoproject django 1.6.2
djangoproject django 1.7
djangoproject django
djangoproject django 1.4.9
djangoproject django 1.4.7
djangoproject django 1.4.8
djangoproject django 1.4.2
djangoproject django 1.4.4
djangoproject django 1.4.3
djangoproject django 1.4.5
djangoproject django 1.4.6
djangoproject django 1.4
djangoproject django 1.4.1
canonical ubuntu linux 12.04
canonical ubuntu linux 12.10
canonical ubuntu linux 13.10
canonical ubuntu linux 10.04
canonical ubuntu linux 14.04

Vendor Advisories

Several security issues were fixed in Django ...
USN-2169-1 introduced a regression in Django ...
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0472 Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() URL resolver function. An attacker able ...
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users ...