CVE-2012-4520

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-4520 at MITRE

Description

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
CVSS v2 Scores
  National Vulnerability Database
Base Score 6.42
Vector AV:N/AC:L/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None

SUSE information

SUSE Bugzilla entries: 787521 [RESOLVED / FIXED], 807175 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Cloud 1.0
  • python-django >= 1.4.5-0.6.2.1
Builds
SAT Patch Nr: 7839
openSUSE 12.3
  • python-django >= 1.4.5-2.4.1
Patchnames:
openSUSE-2013-589
openSUSE Evergreen 11.4
  • python-django >= 1.4.5-9.1
Patchnames:
2013-115