6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.3%
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django
before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before
release candidate 3, when using the contrib.auth.backends.RemoteUserBackend
backend, allows remote authenticated users to hijack web sessions via
vectors related to the REMOTE_USER header.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | python-django | < 1.1.1-2ubuntu1.13 | UNKNOWN |
ubuntu | 12.04 | noarch | python-django | < 1.3.1-4ubuntu1.12 | UNKNOWN |
ubuntu | 14.04 | noarch | python-django | < 1.6.1-2ubuntu0.4 | UNKNOWN |