Back to search
CVE-2011-0696
Published: Feb 14, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
43297
third-party-advisory
x_refsource_SECUNIA
43382
third-party-advisory
x_refsource_SECUNIA
ADV-2011-0439
vdb-entry
x_refsource_VUPEN
ADV-2011-0429
vdb-entry
x_refsource_VUPEN
[oss-security] 20110209 Django multiple flaws (CVEs inside)
mailing-list
x_refsource_MLIST
43230
third-party-advisory
x_refsource_SECUNIA
43426
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=676357
x_refsource_CONFIRM
ADV-2011-0372
vdb-entry
x_refsource_VUPEN
FEDORA-2011-1261
vendor-advisory
x_refsource_FEDORA
ADV-2011-0441
vdb-entry
x_refsource_VUPEN
USN-1066-1
vendor-advisory
x_refsource_UBUNTU
46296
vdb-entry
x_refsource_BID
MDVSA-2011:031
vendor-advisory
x_refsource_MANDRIVA
DSA-2163
vendor-advisory
x_refsource_DEBIAN
http://www.djangoproject.com/weblog/2011/feb/08/security/
x_refsource_CONFIRM
ADV-2011-0388
vdb-entry
x_refsource_VUPEN
FEDORA-2011-1235
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now