Description
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2011-0838 Vulnerability (CVE-2011-0838)
Apache Tomcat Improperly Implemented Security Check for Standard Vulnerability (CVE-2017-15706)
WordPress Plugin WP Dynamic Keywords Injector Cross-Site Request Forgery (2.3.15)
WordPress Plugin Pagination by BestWebSoft Cross-Site Scripting (1.0.6)
WordPress Plugin WP Import Export Information Disclosure (3.9.15)