Description

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.

Remediation

References

CVE-2011-4139

Related Vulnerabilities

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.8.3)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14885)

WordPress Plugin Community by PeepSo-Social Network, Membership, Registration, User Profiles Privilege Escalation (1.6.0)

Oracle Application Server CVE-2008-0346 Vulnerability (CVE-2008-0346)

WordPress Plugin Ultimate Addons for Beaver Builder Security Bypass (1.24.0)

Severity

Medium

Classification

CVE-2011-4139 CWE-20

Tags

Missing Update Known Vulnerabilities