FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-4520

This CVE name corresponds to:

Entered: 2012-10-24
Topic: django -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2012-4520
Phase: Assigned (2012-08-21)

Description

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 returns the HTTP Host header without validating it, so a remote attacker can make the application generate and display arbitrary URLs. A crafted Host value that carries a username and password component (of the form validsite.com:random@evil.com) is used verbatim wherever get_host is called to build an absolute URL, for example in password-reset e-mails; a browser or mail client then parses the part before the "@" as credentials and treats evil.com as the destination host, so the link points at the attacker's server.
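The following is an added illustration of the weakness and of the fix, written for this page; it is not Django's own code. The vulnerable get_host is a simplified model of the pre-1.3.4/1.4.2 behaviour (the Host header is returned as-is), and the hardened one adds the host_validation_re check from the referenced fix commits. The Host header value, the reset token and the scheme are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit

# Validation pattern added to django/http in 1.3.4 and 1.4.2: a hostname or a
# bracketed IPv6 literal, optionally followed by a port. A userinfo component
# ("user:pass@") cannot match, which is what closes the hole described above.
HOST_VALIDATION_RE = re.compile(
    r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9:]+\])(:\d+)?$"
)


class SuspiciousOperation(Exception):
    """Stand-in for django.core.exceptions.SuspiciousOperation."""


def get_host_vulnerable(meta):
    """Simplified model of the pre-fix get_host: the Host header is trusted
    verbatim. 'meta' is a WSGI-style environment dictionary."""
    if "HTTP_HOST" in meta:
        return meta["HTTP_HOST"]
    # Fallback reconstruction from SERVER_NAME/SERVER_PORT (PEP 333 style,
    # HTTP-only here for brevity).
    host = meta["SERVER_NAME"]
    port = str(meta["SERVER_PORT"])
    if port != "80":
        host = "%s:%s" % (host, port)
    return host


def get_host_fixed(meta):
    """Post-fix behaviour: same lookup, then reject poisoned values."""
    host = get_host_vulnerable(meta)
    if not HOST_VALIDATION_RE.match(host.lower()):
        raise SuspiciousOperation("Invalid HTTP_HOST header: %s" % host)
    return host


def password_reset_link(get_host, meta, token, scheme="http"):
    """Builds an absolute URL the way a password-reset e-mail would, using
    whichever get_host implementation is passed in (constructed example)."""
    return "%s://%s/reset/%s/" % (scheme, get_host(meta), token)


def effective_host(url):
    """Host a browser or mail client would actually connect to: the authority
    is parsed as [userinfo@]host[:port], so text before '@' is treated as
    credentials, not as the destination."""
    return urlsplit(url).hostname


def host_accepted(get_host, host_header):
    """True if the given get_host implementation returns the header value,
    False if it rejects it as suspicious."""
    try:
        get_host({"HTTP_HOST": host_header})
        return True
    except SuspiciousOperation:
        return False


if __name__ == "__main__":
    # Constructed attacker request: the Host header smuggles a userinfo part.
    poisoned = {"HTTP_HOST": "validsite.com:random@evil.com"}
    link = password_reset_link(get_host_vulnerable, poisoned, "abc123")
    print("vulnerable link :", link)
    print("resolves to     :", effective_host(link))
    print("fixed accepts it:", host_accepted(get_host_fixed, poisoned["HTTP_HOST"]))
```

Running the block shows the vulnerable build producing http://validsite.com:random@evil.com/reset/abc123/, which resolves to evil.com, while the hardened version raises SuspiciousOperation. Note the limit of this fix: the regex only rejects syntactically malformed Host values, so a syntactically valid attacker-chosen hostname (if the front-end server forwards arbitrary Host headers to the application) still passes; that residual exposure is why later Django releases introduced the ALLOWED_HOSTS setting, and why a reverse proxy in front of Django should only forward requests for the hostnames it actually serves.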

References

MLIST: [oss-security] 20121029 Re: CVE Request: Django
MISC: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145
MISC: https://bugzilla.redhat.com/show_bug.cgi?id=865164
CONFIRM: https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3
CONFIRM: https://github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e
CONFIRM: https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071
CONFIRM: https://www.djangoproject.com/weblog/2012/oct/17/security/
DEBIAN: DSA-2634
FEDORA: FEDORA-2012-16406
FEDORA: FEDORA-2012-16417
FEDORA: FEDORA-2012-16440
UBUNTU: USN-1632-1
UBUNTU: USN-1757-1
OSVDB: 86493
SECTRACK: 1027708
SECUNIA: 51033
SECUNIA: 51314