Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-12-09T20:00:00
Updated: 2024-08-06T02:35:02.332Z
Reserved: 2016-10-25T00:00:00
Link: CVE-2016-9014
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-12-09T20:59:06.970
Modified: 2024-11-21T03:00:26.480
Link: CVE-2016-9014
Redhat