[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-12781Date: (C)2019-07-02   (M)2024-04-17


An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.3CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
BID-109018
https://seclists.org/bugtraq/2019/Jul/10
DSA-4476
FEDORA-2019-d9aa58d863
USN-4043-1
http://www.openwall.com/lists/oss-security/2019/07/01/3
https://docs.djangoproject.com/en/dev/releases/security/
https://groups.google.com/forum/#%21topic/django-announce/Is4kLY9ZcZQ
https://security.netapp.com/advisory/ntap-20190705-0002/
https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
openSUSE-SU-2019:1839
openSUSE-SU-2019:1872

CPE    4
cpe:/o:debian:debian_linux:9.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
cpe:/a:djangoproject:django
...
CWE    1
CWE-319
OVAL    7
oval:org.secpod.oval:def:705048
oval:org.secpod.oval:def:2105216
oval:org.secpod.oval:def:116844
oval:org.secpod.oval:def:57440
...

© SecPod Technologies