Information disclosure in Django - CVE-2016-9013
Published: November 2, 2016 / Updated: November 2, 2016
Vulnerability identifier: #VU1130
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-9013
CWE-ID: CWE-259
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Django Software Foundation
Affected software:
Django
Detailed vulnerability description
The vulnerability allows a remote authenticated user to obtain potentially sensitive information on the target system.
The weakness exists due to the use of a hardcoded password that allows a remote attacker to connect to the database server.
Successful exploitation of the vulnerability results in disclosure of potentially sensitive information.
How to mitigate CVE-2016-9013
Update to version 1.8.16, 1.9.11 or 1.10.3.