Description
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
Remediation
References