CVE-2008-3909
Published: Sep 4, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| 31837 | third-party-advisory, x_refsource_SECUNIA |
| http://www.djangoproject.com/weblog/2008/sep/02/security/ | x_refsource_CONFIRM |
| DSA-1640 | vendor-advisory, x_refsource_DEBIAN |
| FEDORA-2008-7288 | vendor-advisory, x_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=460966 | x_refsource_CONFIRM |
| ADV-2008-2533 | vdb-entry, x_refsource_VUPEN |
| 31961 | third-party-advisory, x_refsource_SECUNIA |
| [oss-security] 20080903 django CSRF vuln | mailing-list, x_refsource_MLIST |
| FEDORA-2008-7672 | vendor-advisory, x_refsource_FEDORA |
| 47906 | vdb-entry, x_refsource_OSVDB |