WEB APPLICATION VULNERABILITIES Standard & Premium

Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0473)

Description

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.

Remediation

References

Related Vulnerabilities

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.21)

Plone CMS CVE-2012-5503 Vulnerability (CVE-2012-5503)

Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-8449)

WordPress Plugin Ivory Search-WordPress Search Cross-Site Scripting (4.6.6)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (1.6.9)

Severity

Medium

Classification

CVE-2014-0473 CWE-264

Tags

Missing Update Known Vulnerabilities