Description

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

Remediation

References

CVE-2014-0482

Related Vulnerabilities

WordPress Plugin Cooked Pro Cross-Site Scripting (1.7.5.5)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7827)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0067)

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Request Forgery (4.8.4)

WordPress Plugin Captcha by BestWebSoft Security Bypass (3.8.7)

Severity

Medium

Classification

CVE-2014-0482 CWE-287

Tags

Missing Update Known Vulnerabilities