CVE-2016-7401

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2016-10-03 11:59

Updated : 2018-01-04 18:31


NVD link : CVE-2016-7401

Mitre link : CVE-2016-7401


JSON object : View

CWE
CWE-254

7PK - Security Features

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

djangoproject

  • django