Description
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allows remote attackers to conduct DNS rebinding attacks by leveraging its failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
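The check whose absence the description refers to, as an added example (a simplified model, not Django's own code): the Host header is matched against an allow-list in every mode, including debug. The function names, the debug fallback list and the sample host are assumptions made for illustration.

```python
# Added illustration: a simplified model of Host header validation, not Django's code.
import re

# Assumed fallback applied in debug mode when no allow-list is configured.
DEBUG_FALLBACK_HOSTS = ["localhost", "127.0.0.1", "[::1]"]

# Hostname or bracketed IPv6 literal, with an optional port.
_HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9:]+\])(:\d+)?$")


def split_host(header):
    """Return the lower-cased host without its port, or None if malformed."""
    match = _HOST_RE.match(header.strip().lower())
    if not match:
        return None
    host = match.group(1)
    return host[:-1] if host.endswith(".") else host  # drop a trailing dot


def pattern_matches(pattern, host):
    """'*' matches anything; '.example.com' matches the domain and its subdomains."""
    pattern = pattern.lower()
    if pattern == "*":
        return True
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def host_allowed(header, allowed_hosts, debug):
    """Validate the Host header whether or not debug mode is on."""
    host = split_host(header)
    if host is None:
        return False
    if debug and not allowed_hosts:
        allowed_hosts = DEBUG_FALLBACK_HOSTS
    return any(pattern_matches(p, host) for p in allowed_hosts)


def host_allowed_unpatched(header, allowed_hosts, debug):
    """Models the flaw in the description: no validation at all when debug is on."""
    return True if debug else host_allowed(header, allowed_hosts, debug)


# Constructed sample: after a rebind the browser connects to the local dev
# server, but the Host header still carries the externally controlled name.
REBOUND = "rebind.attacker.example:8000"
```

Because a rebound request keeps the external name in its Host header, rejecting hosts outside the allow-list is what separates it from a genuine local request.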
Remediation
References