Description

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

Remediation

References

CVE-2012-4520

Related Vulnerabilities

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.15)

Oracle Database Server CVE-2006-1870 Vulnerability (CVE-2006-1870)

Tornado Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2014-9720)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.32)

OpenSSL Resource Management Errors Vulnerability (CVE-2015-1792)

Severity

Medium

Classification

CVE-2012-4520 CWE-20

Tags

Missing Update Known Vulnerabilities