Description

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

Remediation

References

CVE-2014-0482

Related Vulnerabilities

WordPress Plugin Starfish Review Generation & Marketing for WordPress Security Bypass (2.0.0)

Jboss EAP Improper Input Validation Vulnerability (CVE-2019-12400)

WordPress Plugin AccessPress Custom CSS includes Backdoor [Only if downloaded via the vendor website] (2.0.1)

WordPress Plugin Recall Products Multiple Vulnerabilities (0.8)

Liferay DXP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33945)

Severity

Medium

Classification

CVE-2014-0482 CWE-287

Tags

Missing Update Known Vulnerabilities