CVE-2014-0480
26.08.2014, 14:55
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.Enginsight
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 12.3 |
| opensuse | opensuse | 13.1 |
| djangoproject | django | 1.7:beta1 |
| djangoproject | django | 1.7:beta2 |
| djangoproject | django | 1.7:beta3 |
| djangoproject | django | 1.7:beta4 |
| djangoproject | django | 1.7:rc1 |
| djangoproject | django | 1.7:rc2 |
| djangoproject | django | 1.6 |
| djangoproject | django | 1.6:beta1 |
| djangoproject | django | 1.6:beta2 |
| djangoproject | django | 1.6:beta3 |
| djangoproject | django | 1.6:beta4 |
| djangoproject | django | 1.6.1 |
| djangoproject | django | 1.6.2 |
| djangoproject | django | 1.6.3 |
| djangoproject | django | 1.6.4 |
| djangoproject | django | 1.6.5 |
| djangoproject | django | 1.5 |
| djangoproject | django | 1.5:alpha |
| djangoproject | django | 1.5:beta |
| djangoproject | django | 1.5.1 |
| djangoproject | django | 1.5.2 |
| djangoproject | django | 1.5.3 |
| djangoproject | django | 1.5.4 |
| djangoproject | django | 1.5.5 |
| djangoproject | django | 1.5.6 |
| djangoproject | django | 1.5.7 |
| djangoproject | django | 1.5.8 |
| djangoproject | django | 𝑥 ≤ 1.4.13 |
| djangoproject | django | 1.4 |
| djangoproject | django | 1.4.1 |
| djangoproject | django | 1.4.2 |
| djangoproject | django | 1.4.4 |
| djangoproject | django | 1.4.5 |
| djangoproject | django | 1.4.6 |
| djangoproject | django | 1.4.7 |
| djangoproject | django | 1.4.8 |
| djangoproject | django | 1.4.9 |
| djangoproject | django | 1.4.10 |
| djangoproject | django | 1.4.11 |
| djangoproject | django | 1.4.12 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References