Lucene search

[email protected]NVD:CVE-2015-5144

HistoryJul 14, 2015 - 5:59 p.m.

CVE-2015-5144

2015-07-1417:59:07

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

canonicalubuntu_linuxMatch15.10

Node

djangoprojectdjangoRange≤1.4.20

djangoprojectdjangoMatch1.5

djangoprojectdjangoMatch1.5alpha

djangoprojectdjangoMatch1.5beta

djangoprojectdjangoMatch1.5.1

djangoprojectdjangoMatch1.5.2

djangoprojectdjangoMatch1.5.3

djangoprojectdjangoMatch1.5.4

djangoprojectdjangoMatch1.5.5

djangoprojectdjangoMatch1.5.6

djangoprojectdjangoMatch1.5.7

djangoprojectdjangoMatch1.5.8

djangoprojectdjangoMatch1.5.9

djangoprojectdjangoMatch1.5.10

djangoprojectdjangoMatch1.5.11

djangoprojectdjangoMatch1.5.12

djangoprojectdjangoMatch1.6-

djangoprojectdjangoMatch1.6beta1

djangoprojectdjangoMatch1.6beta2

djangoprojectdjangoMatch1.6beta3

djangoprojectdjangoMatch1.6beta4

djangoprojectdjangoMatch1.6.1

djangoprojectdjangoMatch1.6.2

djangoprojectdjangoMatch1.6.3

djangoprojectdjangoMatch1.6.4

djangoprojectdjangoMatch1.6.5

djangoprojectdjangoMatch1.6.6

djangoprojectdjangoMatch1.6.7

djangoprojectdjangoMatch1.6.8

djangoprojectdjangoMatch1.6.9

djangoprojectdjangoMatch1.6.10

djangoprojectdjangoMatch1.7beta1

djangoprojectdjangoMatch1.7beta2

djangoprojectdjangoMatch1.7beta3

djangoprojectdjangoMatch1.7beta4

djangoprojectdjangoMatch1.7rc1

djangoprojectdjangoMatch1.7rc2

djangoprojectdjangoMatch1.7rc3

djangoprojectdjangoMatch1.7.1

djangoprojectdjangoMatch1.7.2

djangoprojectdjangoMatch1.7.3

djangoprojectdjangoMatch1.7.4

djangoprojectdjangoMatch1.7.5

djangoprojectdjangoMatch1.7.6

djangoprojectdjangoMatch1.7.7

djangoprojectdjangoMatch1.7.8

djangoprojectdjangoMatch1.7.9

djangoprojectdjangoMatch1.8beta1

djangoprojectdjangoMatch1.8.0

djangoprojectdjangoMatch1.8.1

djangoprojectdjangoMatch1.8.2

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

oraclesolarisMatch11.3

References

lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html

lists.opensuse.org/opensuse-updates/2015-10/msg00043.html

lists.opensuse.org/opensuse-updates/2015-10/msg00046.html

www.debian.org/security/2015/dsa-3305

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securityfocus.com/bid/75665

www.securitytracker.com/id/1032820

www.ubuntu.com/usn/USN-2671-1

security.gentoo.org/glsa/201510-06

www.djangoproject.com/weblog/2015/jul/08/security-releases/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

78.8%

JSON

Related for NVD:CVE-2015-5144

ubuntucve1 cvelist1 cve1 osv4 prion1 gitlab1 debiancve1 github1 ubuntu1 openvas7 debian2 nessus10 securityvulns2 mageia1 gentoo1 freebsd1 fedora2 altlinux2