The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: debian

Published: 2014-08-26T14:00:00

Updated: 2024-08-06T09:20:18.469Z

Reserved: 2013-12-19T00:00:00

Link: CVE-2014-0482

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-08-26T14:55:05.297

Modified: 2018-10-30T16:27:34.687

Link: CVE-2014-0482

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-08-20T00:00:00Z

Links: CVE-2014-0482 - Bugzilla