CVE-2016-9013

Published: 09/12/2016 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Django 1.8.x prior to 1.8.16, 1.9.x prior to 1.9.11, and 1.10.x prior to 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote malicious users to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.
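
An added example (not part of the advisory and not Django's own code): a settings audit that flags Oracle database aliases whose temporary test user would receive the hardcoded password on an affected version. `PASSWORD` and `CREATE_USER` are Django's Oracle `TEST` settings; the function names and the sample `DATABASES` dict are constructed for illustration.

```python
# Fixed releases per affected series, taken from the summary above.
FIXED = {(1, 8): (1, 8, 16), (1, 9): (1, 9, 11), (1, 10): (1, 10, 3)}
ORACLE_ENGINES = {
    "django.db.backends.oracle",
    "django.contrib.gis.db.backends.oracle",
}

def is_vulnerable_version(version):
    """True if a (major, minor, patch) tuple falls in a range the advisory lists."""
    fixed = FIXED.get(tuple(version[:2]))
    # Series not named in the advisory are not judged here.
    return fixed is not None and tuple(version) < fixed

def audit_databases(databases, django_version):
    """Return aliases whose Oracle test user has no explicitly configured password."""
    if not is_vulnerable_version(django_version):
        return []
    flagged = []
    for alias, cfg in databases.items():
        if cfg.get("ENGINE") not in ORACLE_ENGINES:
            continue
        test = cfg.get("TEST") or {}
        if test.get("CREATE_USER", True) is False:
            continue  # Django does not create the temporary user at all
        if not test.get("PASSWORD"):
            flagged.append(alias)  # test user would get the hardcoded password
    return flagged

# Constructed sample settings; the password value is a placeholder.
SAMPLE_DATABASES = {
    "default": {"ENGINE": "django.db.backends.sqlite3", "NAME": "dev.db"},
    "legacy": {"ENGINE": "django.db.backends.oracle", "NAME": "xe"},
    "reports": {
        "ENGINE": "django.db.backends.oracle",
        "NAME": "xe",
        "TEST": {"PASSWORD": "placeholder-set-from-secret-store"},
    },
    "warehouse": {
        "ENGINE": "django.db.backends.oracle",
        "NAME": "xe",
        "TEST": {"CREATE_USER": False},
    },
}

if __name__ == "__main__":
    for version in [(1, 9, 10), (1, 9, 11)]:
        print(version, audit_databases(SAMPLE_DATABASES, version))
```

In a real project, pass `django.VERSION[:3]` and `settings.DATABASES` to `audit_databases` from a CI step that runs before the test suite.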

Vulnerable Product

djangoproject django 1.10

djangoproject django 1.10.1

djangoproject django 1.10.2

canonical ubuntu linux 16.10

canonical ubuntu linux 12.04

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

djangoproject django 1.9.6

djangoproject django 1.9.9

djangoproject django 1.9.5

djangoproject django 1.9.3

djangoproject django 1.9.4

djangoproject django 1.9.7

djangoproject django 1.9.1

djangoproject django 1.9

djangoproject django 1.9.8

djangoproject django 1.9.2

djangoproject django 1.9.10

djangoproject django 1.8.15

djangoproject django 1.8.2

djangoproject django 1.8.14

djangoproject django 1.8.1

djangoproject django 1.8.7

djangoproject django 1.8.9

djangoproject django 1.8.11

djangoproject django 1.8.3

djangoproject django 1.8.12

djangoproject django 1.8.4

djangoproject django 1.8.6

djangoproject django 1.8

djangoproject django 1.8.13

djangoproject django 1.8.8

djangoproject django 1.8.5

djangoproject django 1.8.10

fedoraproject fedora 25

fedoraproject fedora 24

Vendor Advisories

Several security issues were fixed in Django ...
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9013: Marti Raudsepp reported that a user with a hardcoded password is created when running tests with an Oracle database. CVE-2016-9014: Aymeric Au ...
Debian Bug report logs - #859516 python-django: CVE-2017-7234: Open redirect vulnerability in django.views.static.serve() Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: ...
Debian Bug report logs - #842856 python-django: CVE-2016-9013 CVE-2016-9014 Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 1 Nov 2016 19:39:02 UTC Severity: impo ...
Debian Bug report logs - #859515 python-django: CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@deb ...
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dic ...
When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allow an attacker with network access to the database server to connect. This user is usually dropped after the test suite ...

Github Repositories

Uleska CLI for ease of integration with CI/CD and similar systems

uleska-automate