CVE-2015-5144 — Improper Input Validation in Django
Severity
4.3 MEDIUM (NVD)
OSV: 7.8
EPSS: 2.2% (top 15.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 14
Latest update: May 17
Description
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
CVSS vector
AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 3 packages
Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10
Community (5)
Bugzilla (2015-07-14): CVE-2015-5144 python-django: Django: possible header injection due to validators accepting newlines in input [fedora-all]
Bugzilla (2015-07-14): CVE-2015-5144 Django14: Django: possible header injection due to validators accepting newlines in input [epel-6]
Bugzilla (2015-07-14): CVE-2015-5144 python-django: Django: possible header injection due to validators accepting newlines in input [epel-7]
Bugzilla (2015-07-03): CVE-2015-5144 Django: possible header injection due to validators accepting newlines in input
Bugzilla (2015-02-27): CVE-2009-5144 CVE-2015-2091 mod_gnutls: GnuTLSClientVerify require is ignored in directory and server context