Description

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

Remediation

References

CVE-2016-9014

Related Vulnerabilities

WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24)

ownCloud Improper Access Control Vulnerability (CVE-2016-9462)

Drupal Core 8.9.x Directory Traversal (8.9.0 - 8.9.16)

WordPress Plugin Fancy Cats Multiple Cross-Site Scripting Vulnerabilities (1.1)

WebLogic Other Vulnerability (CVE-2020-10673)

Severity

High

Classification

CVE-2016-9014 CWE-264 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities