cbcvebase.
CVE-2011-0696
published 2011-02-14

CVE-2011-0696: Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for…

PriorityP426medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
1.59%
72.6th percentile
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.

Affected

35 ranges· showing 25
VendorProductVersion rangeFixed in
actionpack_projectactionpack>= 2.1.0 < 2.3.112.3.11
actionpack_projectactionpack>= 3.0.0 < 3.0.43.0.4
debianpython-django< python-django 1.2.5-1 (bookworm)python-django 1.2.5-1 (bookworm)
debianrails< rails 2.3.11-0.1 (bookworm)rails 2.3.11-0.1 (bookworm)
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango>= 1.1 < 1.1.41.1.4
djangoprojectdjango>= 1.2 < 1.2.51.2.5
rubyonrailsrails
rubyonrailsrails
rubyonrailsrails
rubyonrailsrails
rubyonrailsrails
rubyonrailsrails
rubyonrailsrails
rubyonrailsrails
rubyonrailsrails
rubyonrailsrails

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
ghsa6.8MEDIUM
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.