CVE-2011-4139
Published: 19 October 2011
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.
Priority
Status
Package | Release | Status |
---|---|---|
python-django (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
python-django | lucid | Released (1.1.1-2ubuntu1.4) |
python-django | maverick | Released (1.2.3-1ubuntu0.2.10.10.3) |
python-django | natty | Released (1.2.5-1ubuntu1.1) |
python-django | oneiric | Released (1.3-2ubuntu1.1) |
python-django | upstream | Released (1.3.1-1) |

Patches:
upstream: https://code.djangoproject.com/changeset/16764 (1.2)
upstream: https://code.djangoproject.com/changeset/16761 (1.3)