CVE-2014-1418
CVSS base score: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploitability: 10.0 / Impact: 4.9
Source: NVD
Description
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
Affected (39)
Products: Djangoproject: Django · Canonical: Ubuntu Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
|  | Version 1.7 beta1 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
|  | Version 1.4.10 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
|  | Version 1.5.1 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
|  | Version 10.04 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
|  | Version 1.6.1 |