vulnerability
FreeBSD: VID-CB116651-79DB-4C09-93A2-C38F9DF46724 (CVE-2016-9014): django -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Nov 1, 2016 | Nov 14, 2016 | May 7, 2019 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Nov 1, 2016
Added
Nov 14, 2016
Modified
May 7, 2019
Description
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
Solutions
freebsd-upgrade-package-py27-djangofreebsd-upgrade-package-py27-django110freebsd-upgrade-package-py27-django18freebsd-upgrade-package-py27-django19freebsd-upgrade-package-py33-djangofreebsd-upgrade-package-py33-django110freebsd-upgrade-package-py33-django18freebsd-upgrade-package-py33-django19freebsd-upgrade-package-py34-djangofreebsd-upgrade-package-py34-django110freebsd-upgrade-package-py34-django18freebsd-upgrade-package-py34-django19freebsd-upgrade-package-py35-djangofreebsd-upgrade-package-py35-django110freebsd-upgrade-package-py35-django18freebsd-upgrade-package-py35-django19
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.