CVE-2012-4520

{"id": "CVE-2012-4520", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-18T23:55:01.040", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51033", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/51314", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1027708", "source": "secalert@redhat.com"}, {"url": "http://ubuntu.com/usn/usn-1632-1", "source": "secalert@redhat.com"}, {"url": "http://ubuntu.com/usn/usn-1757-1", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2013/dsa-2634", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/10/30/4", "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/86493", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=865164", "source": "secalert@redhat.com"}, {"url": "https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3", "source": "secalert@redhat.com"}, {"url": "https://github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e", "source": "secalert@redhat.com"}, {"url": "https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071", "source": "secalert@redhat.com"}, {"url": "https://www.djangoproject.com/weblog/2012/oct/17/security/", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values."}, {"lang": "es", "value": "La funci\u00f3n django.http.HttpRequest.get_host en Django v1.3.x antes de v1.3.4 y v1.4.x antes de v1.4.2, permite a atacantes remotos generar y mostrar URLs de su elecci\u00f3n a trav\u00e9s de nombre de usuario y contrase\u00f1a de la cabecera Host manipulados."}], "lastModified": "2013-05-04T03:20:45.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F5428AE-6B63-4D27-BCC4-F228264A6F0E"}, {"criteria": "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F122AC-B9BF-4E27-A7C0-F3E7B5E8A907"}, {"criteria": "cpe:2.3:a:djangoproject:django:1.3:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33D378F8-CFDC-4882-A838-406ABA7AD8CC"}, {"criteria": "cpe:2.3:a:djangoproject:django:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "132795AE-92DD-42CB-A59E-5F7136F93B46"}, {"criteria": "cpe:2.3:a:djangoproject:django:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B5BE262-260E-4250-8F68-7392FD68970E"}, {"criteria": "cpe:2.3:a:djangoproject:django:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F18B54E2-447B-4B38-9E88-6833F67EB24C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A79FF7F-8F92-4FEB-96CC-6B15D0CE920D"}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13EF02D4-406C-4146-9B8F-FAC906E7B6E5"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}