Lucene search

[email protected]CVE-2015-5144

HistoryJul 14, 2015 - 5:59 p.m.

CVE-2015-5144

2015-07-1417:59:07

CWE-20

[email protected]

web.nvd.nist.gov

django

http response splitting

cve-2015-5144

emailvalidator

urlvalidator

validate_ipv4_address

validate_slug validator

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.006

Percentile

78.8%

JSON

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

canonicalubuntu_linuxMatch15.10

Node

djangoprojectdjangoRange≤1.4.20

djangoprojectdjangoMatch1.5

djangoprojectdjangoMatch1.5alpha

djangoprojectdjangoMatch1.5beta

djangoprojectdjangoMatch1.5.1

djangoprojectdjangoMatch1.5.2

djangoprojectdjangoMatch1.5.3

djangoprojectdjangoMatch1.5.4

djangoprojectdjangoMatch1.5.5

djangoprojectdjangoMatch1.5.6

djangoprojectdjangoMatch1.5.7

djangoprojectdjangoMatch1.5.8

djangoprojectdjangoMatch1.5.9

djangoprojectdjangoMatch1.5.10

djangoprojectdjangoMatch1.5.11

djangoprojectdjangoMatch1.5.12

djangoprojectdjangoMatch1.6-

djangoprojectdjangoMatch1.6beta1

djangoprojectdjangoMatch1.6beta2

djangoprojectdjangoMatch1.6beta3

djangoprojectdjangoMatch1.6beta4

djangoprojectdjangoMatch1.6.1

djangoprojectdjangoMatch1.6.2

djangoprojectdjangoMatch1.6.3

djangoprojectdjangoMatch1.6.4

djangoprojectdjangoMatch1.6.5

djangoprojectdjangoMatch1.6.6

djangoprojectdjangoMatch1.6.7

djangoprojectdjangoMatch1.6.8

djangoprojectdjangoMatch1.6.9

djangoprojectdjangoMatch1.6.10

djangoprojectdjangoMatch1.7beta1

djangoprojectdjangoMatch1.7beta2

djangoprojectdjangoMatch1.7beta3

djangoprojectdjangoMatch1.7beta4

djangoprojectdjangoMatch1.7rc1

djangoprojectdjangoMatch1.7rc2

djangoprojectdjangoMatch1.7rc3

djangoprojectdjangoMatch1.7.1

djangoprojectdjangoMatch1.7.2

djangoprojectdjangoMatch1.7.3

djangoprojectdjangoMatch1.7.4

djangoprojectdjangoMatch1.7.5

djangoprojectdjangoMatch1.7.6

djangoprojectdjangoMatch1.7.7

djangoprojectdjangoMatch1.7.8

djangoprojectdjangoMatch1.7.9

djangoprojectdjangoMatch1.8beta1

djangoprojectdjangoMatch1.8.0

djangoprojectdjangoMatch1.8.1

djangoprojectdjangoMatch1.8.2

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

oraclesolarisMatch11.3

VendorProductVersionCPE
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04::lts:
canonicalubuntu_linux15.10cpe:/o:canonical:ubuntu_linux:15.10:::
canonicalubuntu_linux15.04cpe:/o:canonical:ubuntu_linux:15.04:::
canonicalubuntu_linux12.04cpe:/o:canonical:ubuntu_linux:12.04::lts:

Vendor	Product	Version	CPE
canonical	ubuntu_linux	14.04	cpe:/o:canonical:ubuntu_linux:14.04::lts:
canonical	ubuntu_linux	15.10	cpe:/o:canonical:ubuntu_linux:15.10:::
canonical	ubuntu_linux	15.04	cpe:/o:canonical:ubuntu_linux:15.04:::
canonical	ubuntu_linux	12.04	cpe:/o:canonical:ubuntu_linux:12.04::lts: