CVE-2014-0482
26.08.2014, 14:55
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.Enginsight
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 12.3 |
| opensuse | opensuse | 13.1 |
| djangoproject | django | 1.6 |
| djangoproject | django | 1.6:beta1 |
| djangoproject | django | 1.6:beta2 |
| djangoproject | django | 1.6:beta3 |
| djangoproject | django | 1.6:beta4 |
| djangoproject | django | 1.6.1 |
| djangoproject | django | 1.6.2 |
| djangoproject | django | 1.6.3 |
| djangoproject | django | 1.6.4 |
| djangoproject | django | 1.6.5 |
| djangoproject | django | 𝑥 ≤ 1.4.13 |
| djangoproject | django | 1.4 |
| djangoproject | django | 1.4.1 |
| djangoproject | django | 1.4.2 |
| djangoproject | django | 1.4.4 |
| djangoproject | django | 1.4.5 |
| djangoproject | django | 1.4.6 |
| djangoproject | django | 1.4.7 |
| djangoproject | django | 1.4.8 |
| djangoproject | django | 1.4.9 |
| djangoproject | django | 1.4.10 |
| djangoproject | django | 1.4.11 |
| djangoproject | django | 1.4.12 |
| djangoproject | django | 1.7:beta1 |
| djangoproject | django | 1.7:beta2 |
| djangoproject | django | 1.7:beta3 |
| djangoproject | django | 1.7:beta4 |
| djangoproject | django | 1.7:rc1 |
| djangoproject | django | 1.7:rc2 |
| djangoproject | django | 1.5 |
| djangoproject | django | 1.5:alpha |
| djangoproject | django | 1.5:beta |
| djangoproject | django | 1.5.1 |
| djangoproject | django | 1.5.2 |
| djangoproject | django | 1.5.3 |
| djangoproject | django | 1.5.4 |
| djangoproject | django | 1.5.5 |
| djangoproject | django | 1.5.6 |
| djangoproject | django | 1.5.7 |
| djangoproject | django | 1.5.8 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References