CVE-2015-0219

Priority
Description
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows
remote attackers to spoof WSGI headers by using an _ (underscore) character
instead of a - (dash) character in an HTTP header, as demonstrated by an
X-Auth_User header.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (1.6.10)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.6.1-2ubuntu0.6])
More Information

Updated: 2019-12-05 18:39:18 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)