Description
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Remediation
References