CVE-2014-0482Improper Authentication in Django

CWE-287Improper Authentication16 documents8 sources
Severity
6.0MEDIUMNVD
EPSS
0.7%
top 27.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Djangoproject DjangoOpensuse
Timeline
PublishedAug 26
Latest updateMay 14

Description

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

PyPIdjangoproject/django1.51.5.9+3
NVDdjangoproject/django1.4.13+28
NVDopensuse/opensuse12.3, 13.1+1

🔴Vulnerability Details

5
OSV
Django Middleware Enables Session Hijacking2022-05-14
GHSA
Django Middleware Enables Session Hijacking2022-05-14
OSV
python-django vulnerabilities2014-09-16
CVEList
CVE-2014-0482: The contrib2014-08-26
OSV
CVE-2014-0482: The contrib2014-08-26

📋Vendor Advisories

3
Ubuntu
Django vulnerabilities2014-09-16
Red Hat
Django: RemoteUserMiddleware session hijacking2014-08-20
Debian
CVE-2014-0482: python-django - The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4...2014

💬Community

7
Bugzilla
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 Django14: various flaws [epel-6]2014-08-22
Bugzilla
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django: various flaws [fedora-all]2014-08-22
Bugzilla
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django15: various flaws [epel-6]2014-08-22
Bugzilla
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django15: various flaws [fedora-20]2014-08-22
Bugzilla
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django15: various flaws [epel-7]2014-08-22
CVE-2014-0482 — Improper Authentication in Django | cvebase