Novell Home

CVE-2012-4520

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-4520 at MITRE

Description

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

NVD CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

SUSE information

SUSE Bugzilla entries: 787521, 807175

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Cloud 1.0
  • python-django >= 1.4.5-0.6.2.1
Builds
SAT Patch Nr: 7839
openSUSE 12.3
  • python-django >= 1.4.5-2.4.1
Patchnames:
openSUSE-2013-589
openSUSE Evergreen 11.4
  • python-django >= 1.4.5-9.1
Patchnames:
2013-115

© 2015 Novell