Description

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.

Remediation

References

CVE-2011-4138

Related Vulnerabilities

Apache 2.x version older than 2.0.51

WordPress Plugin WooCommerce Product Feed for Google, Facebook, eBay and Many More Security Bypass (2.2.26)

MySQL CVE-2015-4864 Vulnerability (CVE-2015-4864)

WordPress Plugin ForumConverter SQL Injection (1.11)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4941)

Severity

Medium

Classification

CVE-2011-4138 CWE-20

Tags

Missing Update Known Vulnerabilities