VDB
CVE-2012-4520
CVE-2012-4520
PUBLISHED
CVSS 6.400000095367432 MEDIUM
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
EPSS 3.89% · 88.5th percentile
Risk Scores
CVSS v2.0
6.400000095367432
EPSS Score
3.89%
88.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | Django | 1.4, 1.3 |
| djangoproject | django | 1.3, 1.3, 1.3.1 |
| n/a | n/a | n/a |
Timeline
- Nov 18, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- http://secunia.com/advisories/51314 advisory
- [oss-security] 20121029 Re: CVE Request: Django mailing-list
- 1027708 vdb
- https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071 url
- 86493 vdb
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145 url
- FEDORA-2012-16440 vendor-advisory
- USN-1757-1 vendor-advisory
- https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3 url
- DSA-2634 vendor-advisory
- https://www.djangoproject.com/weblog/2012/oct/17/security/ url
- FEDORA-2012-16417 vendor-advisory
- https://github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e url
- 51033 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=865164 url
- FEDORA-2012-16406 vendor-advisory
- USN-1632-1 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2012-4520 advisory
- https://www.openwall.com/lists/oss-security/2012/10/30/4 url
- https://www.djangoproject.com/weblog/2012/oct/17/security url
…and 10 more