CVE-2014-0482 (retired)

Priority
Description
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django
before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before
release candidate 3, when using the contrib.auth.backends.RemoteUserBackend
backend, allows remote authenticated users to hijack web sessions via
vectors related to the REMOTE_USER header.
Assigned-to
mdeslaur
More Information

Updated: 2019-03-26 12:12:23 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)