Description
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
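The failure the description names is a full-page cache that stores one copy of a response containing a per-visitor CSRF token and then hands that copy, token included, to every later anonymous visitor. The following Python model is an added example, not Django's code and not from this page: Request, Response, PageCache, render_form and the two scenario functions are constructed for illustration. The hardened mode applies the two standard defences for this class, keying cached variants on the Cookie header when the response says Vary: Cookie, and declining to cache a response that sets cookies in reply to a cookieless request; the page does not say which changes the fixed Django releases made, so no claim is made here about the exact patch.

```python
"""Constructed model of a page cache leaking one CSRF token to all anonymous
visitors, beside a hardened cache that keeps tokens per visitor. Not Django
code; all names here are hypothetical.
"""
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


@dataclass
class Request:
    path: str
    cookies: Dict[str, str] = field(default_factory=dict)


@dataclass
class Response:
    body: str
    set_cookies: Dict[str, str] = field(default_factory=dict)
    vary: Tuple[str, ...] = ()


def render_form(request: Request) -> Response:
    """Hypothetical view that embeds the visitor's CSRF token in a form.

    The token is taken from the visitor's cookie when present; otherwise a
    fresh one is minted and returned via Set-Cookie. The response declares
    Vary: Cookie because its body depends on the cookie.
    """
    token = request.cookies.get("csrftoken") or secrets.token_hex(16)
    body = f'<input type="hidden" name="csrfmiddlewaretoken" value="{token}">'
    return Response(body=body, set_cookies={"csrftoken": token}, vary=("Cookie",))


class PageCache:
    """Full-page cache; hardened=False reproduces the flawed behaviour."""

    def __init__(self, hardened: bool) -> None:
        self.hardened = hardened
        # path -> (Vary header recorded at store time, {variant_key: Response})
        self.entries: Dict[str, Tuple[Tuple[str, ...], Dict[tuple, Response]]] = {}

    def _variant_key(self, request: Request, vary: Tuple[str, ...]) -> tuple:
        # Hardened: honour Vary: Cookie, so the Cookie header becomes part of
        # the cache key and visitors with different cookies get different copies.
        if self.hardened and "Cookie" in vary:
            return tuple(sorted(request.cookies.items()))
        return ()  # flawed: one copy per path, shared by everyone

    def get_or_render(self, request: Request,
                      view: Callable[[Request], Response]) -> Response:
        entry = self.entries.get(request.path)
        if entry is not None:
            vary, variants = entry
            hit = variants.get(self._variant_key(request, vary))
            if hit is not None:
                return hit
        response = view(request)
        # Hardened: a response that sets cookies for a cookieless request is
        # specific to the visitor who triggered it, so it must not be cached.
        if self.hardened and not request.cookies and response.set_cookies:
            return response
        vary, variants = self.entries.setdefault(request.path, (response.vary, {}))
        variants[self._variant_key(request, vary)] = response
        return response


def tokens_for_two_anonymous_visitors(hardened: bool) -> Tuple[str, str]:
    """Two unrelated first-time visitors (no cookies) request the same page.

    Returns the CSRF token each one receives; equal tokens mean the cache
    handed the first visitor's token to the second.
    """
    cache = PageCache(hardened)
    first = cache.get_or_render(Request("/signup"), render_form)
    second = cache.get_or_render(Request("/signup"), render_form)
    return first.set_cookies["csrftoken"], second.set_cookies["csrftoken"]


def token_served_to_returning_visitor(hardened: bool) -> Tuple[str, str]:
    """Visitor A returns with their own cookie after visitor B primed the cache.

    Returns (A's real token, token in the page served to A). They differ when
    the cache ignores the Cookie header and serves B's cached copy to A.
    """
    cache = PageCache(hardened)
    a_token, b_token = "a" * 32, "b" * 32  # constructed sample tokens
    cache.get_or_render(Request("/signup", {"csrftoken": b_token}), render_form)
    served = cache.get_or_render(Request("/signup", {"csrftoken": a_token}), render_form)
    return a_token, served.set_cookies["csrftoken"]


if __name__ == "__main__":
    for hardened in (False, True):
        print("hardened" if hardened else "flawed",
              "first-time visitors share token:",
              len(set(tokens_for_two_anonymous_visitors(hardened))) == 1)
```

Running the module shows the flawed cache giving both first-time visitors the same token and the hardened cache giving each a distinct one; the second scenario shows that keying on Vary: Cookie alone is what stops a returning visitor from being served another visitor's cached token.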
Related Vulnerabilities
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2023-39456)
WordPress Plugin WatuPRO Multiple Vulnerabilities (4.8.8.4)
MySQL CVE-2019-2737 Vulnerability (CVE-2019-2737)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8623)
WordPress Plugin Import XML and RSS Feeds Server-Side Request Forgery (2.0.2)