Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2015-01-16T16:00:00
Updated: 2024-08-06T04:03:10.188Z
Reserved: 2014-11-18T00:00:00
Link: CVE-2015-0219
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-01-16T16:59:18.657
Modified: 2024-11-21T02:22:34.657
Link: CVE-2015-0219
Redhat