Max CVSS 6.8 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2011-1521 6.4
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (r
25-10-2019 - 11:53 24-05-2011 - 23:55
CVE-2011-4139 5.0
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.
18-01-2018 - 02:29 19-10-2011 - 10:55
CVE-2011-4137 5.0
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of servic
18-01-2018 - 02:29 19-10-2011 - 10:55
CVE-2011-4140 6.8
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vect
18-01-2018 - 02:29 19-10-2011 - 10:55
CVE-2011-4138 5.0
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which
18-01-2018 - 02:29 19-10-2011 - 10:55
CVE-2011-4136 5.8
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by trig
18-01-2018 - 02:29 19-10-2011 - 10:55
Back to Top Mark selected
Back to Top