Description
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
Remediation
References