CVE-2014-0482

medium

Description

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

References

https://www.djangoproject.com/weblog/2014/aug/20/security/

http://www.debian.org/security/2014/dsa-3010

http://secunia.com/advisories/61281

http://secunia.com/advisories/61276

http://secunia.com/advisories/59782

http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html

Details

Source: Mitre, NVD

Published: 2014-08-26

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Severity: Medium