WEB APPLICATION VULNERABILITIES Standard & Premium

Django CVE-2014-1418 Vulnerability (CVE-2014-1418)

Description

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.

Remediation

References

Related Vulnerabilities

GlassFish CVE-2010-4438 Vulnerability (CVE-2010-4438)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4290)

WordPress Plugin Highlight Search Terms Cross-Site Scripting (1.3)

YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1340)

PHP Improper Input Validation Vulnerability (CVE-2014-3487)

Severity

Medium

Classification

Tags

Missing Update Known Vulnerabilities