The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: debian
Published: 2014-08-26T14:00:00
Updated: 2024-08-06T09:20:18.469Z
Reserved: 2013-12-19T00:00:00
Link: CVE-2014-0482
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-08-26T14:55:05.297
Modified: 2018-10-30T16:27:34.687
Link: CVE-2014-0482
Redhat