Improper Authentication in Opensuse and Django - CVE-2014-0482
Published: August 26, 2014 / Updated: August 10, 2020
Django Software Foundation
Opensuse
Django
Detailed vulnerability description
The vulnerability allows a remote authenticated user to read and manipulate data.
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
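A check a defender can run over an inventory of deployments, as an added example that is not part of the original advisory: it flags a deployment when its Django version falls in the affected ranges listed above and its settings enable both the middleware and the backend. It assumes versions are supplied as `django.VERSION`-style tuples and settings as the `MIDDLEWARE_CLASSES` and `AUTHENTICATION_BACKENDS` lists; the function and constant names are hypothetical.

```python
# Added example: flag deployments that match the CVE-2014-0482 conditions.
# Inputs mirror django.VERSION and the MIDDLEWARE_CLASSES /
# AUTHENTICATION_BACKENDS settings (assumed to be collected elsewhere).

RUM_PATH = "django.contrib.auth.middleware.RemoteUserMiddleware"
RUB_PATH = "django.contrib.auth.backends.RemoteUserBackend"

# Release levels as they appear in the django.VERSION tuple, in release order.
LEVELS = {"alpha": 0, "beta": 1, "rc": 2, "final": 3}

# First fixed micro release per affected stable branch, taken from the advisory.
FIXED_MICRO = {(1, 4): 14, (1, 5): 9, (1, 6): 6}


def version_affected(version):
    """version: (major, minor, micro, releaselevel, serial), as in django.VERSION."""
    major, minor, micro, level, serial = version
    branch = (major, minor)
    if branch < (1, 4):
        return True  # "before 1.4.14" also covers every older branch
    if branch in FIXED_MICRO:
        return micro < FIXED_MICRO[branch]
    if branch == (1, 7):
        # Affected only before release candidate 3 of 1.7.
        return (micro, LEVELS[level], serial) < (0, LEVELS["rc"], 3)
    return False


def deployment_exposed(version, middleware_classes, auth_backends):
    """True when an affected version runs the middleware and backend together.

    Exact dotted-path matching: project subclasses of either class are not
    detected and need a manual review.
    """
    return (version_affected(version)
            and RUM_PATH in middleware_classes
            and RUB_PATH in auth_backends)


if __name__ == "__main__":
    # Constructed sample inventory entry, not taken from a real deployment.
    sample = ((1, 6, 5, "final", 0), [RUM_PATH], [RUB_PATH])
    print("exposed:", deployment_exposed(*sample))
```
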