Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-12-09T20:00:00

Updated: 2024-08-06T02:35:02.332Z

Reserved: 2016-10-25T00:00:00

Link: CVE-2016-9014

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-12-09T20:59:06.970

Modified: 2024-11-21T03:00:26.480

Link: CVE-2016-9014

cve-icon Redhat

Severity : Low

Publid Date: 2016-11-01T00:00:00Z

Links: CVE-2016-9014 - Bugzilla