cbcvebase.
CVE-2012-4520
published 2012-11-18

Priority: P3, 38, medium
CVSS 2.0: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
EPSS: 3.64% (88.1th percentile)

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

Affected

9 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < python-django 1.4.2-1 (bookworm) | python-django 1.4.2-1 (bookworm) |
| djangoproject | django | | |
| djangoproject | django | | |
| djangoproject | django | | |
| djangoproject | django | | |
| djangoproject | django | | |
| djangoproject | django | | |
| djangoproject | django | >= 1.3 < 1.3.4 | 1.3.4 |
| djangoproject | django | >= 1.4 < 1.4.2 | 1.4.2 |

CVSS provenance

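| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| osv | | 6.4 | MEDIUM | |
| vendor_debian | | 6.4 | MEDIUM | |
| vendor_redhat | | 6.4 | MEDIUM | |
| vendor_ubuntu | | 6.4 | MEDIUM | |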