Description
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
Remediation
References