Description

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.

Remediation

References

CVE-2011-4139

Related Vulnerabilities

MySQL CVE-2016-5630 Vulnerability (CVE-2016-5630)

Moment.js Uncontrolled Resource Consumption Vulnerability (CVE-2017-18214)

ownCloud Improper Input Validation Vulnerability (CVE-2015-7699)

WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Cross-Site Scripting (6.20.2)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.8)

Severity

Medium

Classification

CVE-2011-4139 CWE-20

Tags

Missing Update Known Vulnerabilities