CVE-2014-0473
Published 2014-04-23

Priority: P4 · 28 · medium · 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.97% (78.0th percentile)
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | python-django | < python-django 1.6.3-1 (bookworm) | python-django 1.6.3-1 (bookworm) |
| djangoproject | django | <= 1.4.10 | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.1 | MEDIUM | — |
| vendor_ubuntu | — | 5.1 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
GHSA · 2022-05-17
CVE-2014-0473 [HIGH] CWE-200 · Django Reuses Cached CSRF Token
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
OSV · 2022-05-17
CVE-2014-0473 [HIGH] · Django Reuses Cached CSRF Token
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
OSV · 2014-04-23 · CVSS 5.0
CVE-2014-0473 [MEDIUM] · CVE-2014-0473: The caching framework in Django before 1
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
OSV · 2014-04-23 · CVSS 5.1
CVE-2014-0472 [MEDIUM] · python-django regression
USN-2169-1 fixed vulnerabilities in Django. The upstream security patch
for CVE-2014-0472 introduced a regression for certain applications. This
update fixes the problem.
Original advisory details:
Benjamin Bach discovered that Django incorrectly handled dotted Python
paths when using the reverse() function. An attacker could use this issue
to cause Django to import arbitrary modules from the Python path, resulting
in possible code execution. (CVE-2014-0472)
Paul McMillan discovered that Django incorrectly cached certain pages that
contained CSRF cookies. An attacker could possibly use this flaw to obtain
a valid cookie and perform attacks which bypass the CSRF restrictions.
(CVE-2014-0473)
Michael Koziarski discovered that Django did not always perform explicit
conversion of certain fields when using a MySQL database. An attacker
could possibly use this issue to obtain unexpected results. (CVE-2014-0474)
OSV · 2014-04-22 · CVSS 5.1
CVE-2014-0472 [MEDIUM] · python-django vulnerabilities
Benjamin Bach discovered that Django incorrectly handled dotted Python
paths when using the reverse() function. An attacker could use this issue
to cause Django to import arbitrary modules from the Python path, resulting
in possible code execution. (CVE-2014-0472)
Paul McMillan discovered that Django incorrectly cached certain pages that
contained CSRF cookies. An attacker could possibly use this flaw to obtain
a valid cookie and perform attacks which bypass the CSRF restrictions.
(CVE-2014-0473)
Michael Koziarski discovered that Django did not always perform explicit
conversion of certain fields when using a MySQL database. An attacker
could possibly use this issue to obtain unexpected results. (CVE-2014-0474)
Ubuntu · 2014-04-23 · CVSS 5.1
CVE-2014-0472 [MEDIUM] · Django regression
Title: Django regression
Summary: USN-2169-1 introduced a regression in Django.
USN-2169-1 fixed vulnerabilities in Django. The upstream security patch
for CVE-2014-0472 introduced a regression for certain applications. This
update fixes the problem.
Original advisory details:
Benjamin Bach discovered that Django incorrectly handled dotted Python
paths when using the reverse() function. An attacker could use this issue
to cause Django to import arbitrary modules from the Python path, resulting
in possible code execution. (CVE-2014-0472)
Paul McMillan discovered that Django incorrectly cached certain pages that
contained CSRF cookies. An attacker could possibly use this flaw to obtain
a valid cookie and perform attacks which bypass the CSRF restrictions.
(CVE-2014-0473)
Michael Koziarski discovered that Django did not always perform explicit
conversion of certain fields when using a MySQL database. An attacker
could possibly use this issue to obtain unexpected results. (CVE-2014-0474)
Ubuntu · 2014-04-22 · CVSS 5.1
CVE-2014-0472 [MEDIUM] · Django vulnerabilities
Title: Django vulnerabilities
Summary: Several security issues were fixed in Django.
Benjamin Bach discovered that Django incorrectly handled dotted Python
paths when using the reverse() function. An attacker could use this issue
to cause Django to import arbitrary modules from the Python path, resulting
in possible code execution. (CVE-2014-0472)
Paul McMillan discovered that Django incorrectly cached certain pages that
contained CSRF cookies. An attacker could possibly use this flaw to obtain
a valid cookie and perform attacks which bypass the CSRF restrictions.
(CVE-2014-0473)
Michael Koziarski discovered that Django did not always perform explicit
conversion of certain fields when using a MySQL database. An attacker
could possibly use this issue to obtain unexpected results. (CVE-2014-0474)
Red Hat · 2014-04-21 · CVSS 5.0
CVE-2014-0473 [MEDIUM] CWE-352 · python-django: caching of anonymous pages could reveal CSRF token
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
Package: Django (Red Hat Subscription Asset Manager) - Will not fix
Debian · 2014 · CVSS 5.0
CVE-2014-0473 [MEDIUM] · CVE-2014-0473: python-django - The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before ...
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
Scope: local

| Suite | Status |
|---|---|
| bookworm | resolved (fixed in 1.6.3-1) |
| bullseye | resolved (fixed in 1.6.3-1) |
| forky | resolved (fixed in 1.6.3-1) |
| sid | resolved (fixed in 1.6.3-1) |
| trixie | resolved (fixed in 1.6.3-1) |
No detection rules found.
No public exploits indexed.
References
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
- http://rhn.redhat.com/errata/RHSA-2014-0456.html
- http://rhn.redhat.com/errata/RHSA-2014-0457.html
- http://secunia.com/advisories/61281
- http://www.debian.org/security/2014/dsa-2934
- http://www.ubuntu.com/usn/USN-2169-1
- https://www.djangoproject.com/weblog/2014/apr/21/security/

Published: 2014-04-23