Description
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
Remediation
References
Related Vulnerabilities
Apache HTTP Server CVE-2024-40725 Vulnerability (CVE-2024-40725)
MySQL Other Vulnerability (CVE-2010-3681)
PostgreSQL Numeric Errors Vulnerability (CVE-2010-0442)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Request Forgery (4.0.9)
WordPress 3.8.x Denial of Service Vulnerability (3.8 - 3.8.25)