CVE-2012-4520
Published: Nov 18, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
[oss-security] 20121029 Re: CVE Request: Django
mailing-list
x_refsource_MLIST
1027708
vdb-entry
x_refsource_SECTRACK
86493
vdb-entry
x_refsource_OSVDB
51314
third-party-advisory
x_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145
x_refsource_MISC
FEDORA-2012-16440
vendor-advisory
x_refsource_FEDORA
USN-1757-1
vendor-advisory
x_refsource_UBUNTU
DSA-2634
vendor-advisory
x_refsource_DEBIAN
https://www.djangoproject.com/weblog/2012/oct/17/security/
x_refsource_CONFIRM
FEDORA-2012-16417
vendor-advisory
x_refsource_FEDORA
51033
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=865164
x_refsource_MISC
FEDORA-2012-16406
vendor-advisory
x_refsource_FEDORA
USN-1632-1
vendor-advisory
x_refsource_UBUNTU