Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws
From: Josh Bressers <bressers () redhat com>
Date: Wed, 14 Sep 2011 14:22:59 -0400 (EDT)
Can MITRE deal with this one? I lack time to properly work through this list right now.
----- Original Message -----
Hello Josh, Steve, vendors,
multiple security flaws have been recently addressed in the v1.3.1
and v1.2.7 versions of the Django Python Web framework (from ):
1, Session manipulation,
2, Denial of service attack via URLField,
3, URLField redirection,
4, Host header cache poisoning,
5, Host header and CSRF,
6, Cross-subdomain CSRF attacks,
7, DEBUG pages and sensitive POST data
Could you allocate CVE ids for these flaws?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team