DEBIAN-CVE-2014-0482

DEBIAN-CVE-2014-0482 PUBLISHED

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

Affected Products

Vendor	Product	Versions
Debian:13	python-django	0, 0, 0
Debian:11	python-django	0, 0, 0
Debian:12	python-django	0, 0, 0
Debian:14	python-django	0, 0, 0

Timeline

Aug 26, 2014 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2014-0482 advisory

Open in Interactive Console →