Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-0480HistoryAug 26, 2014 - 2:55 p.m.
CVE-2014-0480
2014-08-2614:55:05
Debian Security Bug Tracker
security-tracker.debian.org
11
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
75.3%
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | python-django | < 1.6.6-1 | python-django_1.6.6-1_all.deb |
| Debian | 11 | all | python-django | < 1.6.6-1 | python-django_1.6.6-1_all.deb |
| Debian | 999 | all | python-django | < 1.6.6-1 | python-django_1.6.6-1_all.deb |
| Debian | 13 | all | python-django | < 1.6.6-1 | python-django_1.6.6-1_all.deb |
Related
gitlab
gitlab
Improper Input Validation
2022-05-14 00:00:00
ubuntucve
ubuntucve
CVE-2014-0480
2014-08-26 00:00:00
prion
prion
Code injection
2014-08-26 14:55:00
nvd
nvd
CVE-2014-0480
2014-08-26 14:55:05
osv
osv
Django Incorrectly Validates URLs
2022-05-14 02:09:22
PYSEC-2014-4
2014-08-26 14:55:00
python-django - security update
2014-08-22 00:00:00
cve
cve
CVE-2014-0480
2014-08-26 14:55:05
cvelist
cvelist
CVE-2014-0480
2014-08-26 14:00:00
github
github
Django Incorrectly Validates URLs
2022-05-14 02:09:22
freebsd
freebsd
django -- multiple vulnerabilities
2014-08-20 00:00:00
nessus
nessus
Fedora 20 : python-django14-1.4.16-1.fc20 (2014-15266)
2014-12-02 00:00:00
Mandriva Linux Security Advisory : python-django (MDVSA-2014:179)
2014-09-12 00:00:00
GLSA-201412-22 : Django: Multiple vulnerabilities
2014-12-15 00:00:00
gentoo
gentoo
Django: Multiple vulnerabilities
2014-12-13 00:00:00
mageia
mageia
Updated python-django packages fix multiple vulnerabilities
2014-09-05 13:07:37
fedora
fedora
[SECURITY] Fedora 20 Update: python-django15-1.5.9-1.fc20
2014-09-10 13:29:30
[SECURITY] Fedora 20 Update: python-django14-1.4.16-1.fc20
2014-12-01 18:59:44
[SECURITY] Fedora 20 Update: python-django14-1.4.14-1.fc20
2014-09-09 22:27:18
ubuntu
ubuntu
Django vulnerabilities
2014-09-16 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201412-22
2015-09-29 00:00:00
Ubuntu: Security Advisory (USN-2347-1)
2014-09-17 00:00:00
Fedora Update for python-django15 FEDORA-2014-9866
2014-09-11 00:00:00
debian
debian
[SECURITY] [DSA 3010-1] python-django security update
2014-08-22 20:52:59
[SECURITY] [DSA 3010-1] python-django security update
2014-08-22 20:52:59
[SECURITY] [DLA 65-1] python-django security update
2014-09-29 08:20:58
ibm
ibm
securityvulns
securityvulns
[SECURITY] [DSA 3010-1] python-django security update
2014-08-26 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
75.3%
Related for DEBIANCVE:CVE-2014-0480