{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-08T00:00:00", "descriptions": [{"lang": "en", "value": "Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-21T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2015-1dd5bc998f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"}, {"name": "GLSA-201510-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201510-06"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/"}, {"name": "openSUSE-SU-2015:1802", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html"}, {"name": "openSUSE-SU-2015:1813", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html"}, {"name": "DSA-3305", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3305"}, {"name": "75665", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75665"}, {"name": "USN-2671-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2671-1"}, {"name": "1032820", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032820"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5144", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2015-1dd5bc998f", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"}, {"name": "GLSA-201510-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201510-06"}, {"name": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/", "refsource": "CONFIRM", "url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/"}, {"name": "openSUSE-SU-2015:1802", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html"}, {"name": "openSUSE-SU-2015:1813", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html"}, {"name": "DSA-3305", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3305"}, {"name": "75665", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75665"}, {"name": "USN-2671-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2671-1"}, {"name": "1032820", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032820"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:32:32.919Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2015-1dd5bc998f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"}, {"name": "GLSA-201510-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201510-06"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/"}, {"name": "openSUSE-SU-2015:1802", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html"}, {"name": "openSUSE-SU-2015:1813", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html"}, {"name": "DSA-3305", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3305"}, {"name": "75665", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75665"}, {"name": "USN-2671-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2671-1"}, {"name": "1032820", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032820"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5144", "datePublished": "2015-07-14T17:00:00", "dateReserved": "2015-06-29T00:00:00", "dateUpdated": "2024-08-06T06:32:32.919Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F14869-45E4-4A7D-827D-B769A605B575", "versionEndIncluding": "1.4.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CCDB4B76-6541-4405-B74C-3EEAF84A04E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5:alpha:*:*:*:*:*:*", "matchCriteriaId": "8A26B113-8D22-46E5-92C3-12134A68A21E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5:beta:*:*:*:*:*:*", "matchCriteriaId": "0D99FB28-08F3-45B4-8C04-90074FBC2457", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E2A29CC-A92B-4EC1-8225-408A5048C033", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "73317E26-AA3A-4437-9261-CE76BC1A0749", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6046CEB-6CF5-406F-BF6B-4D8C24DDA6FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "A666B9E5-EA1B-4FA9-A685-61ECF26CB084", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "8EB3FED4-C50A-4449-9A7B-552CFB02F860", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B4F3D5C-5768-48F1-8A39-1B87EC061F37", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B10E08DF-6B92-452A-876B-DC8D376B0B41", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "DFC18F77-77CB-45CB-869E-267DACD19601", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "0B3937A5-D537-4A9A-B7EF-0F7C441EE520", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "5B63ECA8-0AD0-4670-B026-6762DCC65D15", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "BB39F768-9616-4C56-9613-55A5229DDCA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "9074F301-7595-464A-8DE5-41E78E5EE804", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6:-:*:*:*:*:*:*", "matchCriteriaId": "29477EEA-D5F8-45A9-9777-8A6BC7C668A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "A83451BD-1D67-4A7F-A62C-F597E51FCC21", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "0300DC0D-5DD0-42B5-9FE0-54DC557EA40D", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6:beta3:*:*:*:*:*:*", "matchCriteriaId": "85A2021F-B2AF-40DC-9FA2-5F90D2EB813E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6:beta4:*:*:*:*:*:*", "matchCriteriaId": "07B12D68-BB49-4931-9D9E-D8134FC0B350", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CC369A0-0092-450D-91E9-13C7AF7EBC16", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B6B7974-ABEF-4E0C-8503-6E9C22D28C78", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "55460F1D-661B-465C-8A22-E4E6DA2834B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "9FD4FB46-3A98-4B9B-A241-C39E2C2A0FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "FF87FDAB-51A2-41C4-A4C4-5180B0230C3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "80E8431B-FEA1-4D94-B367-56E8678C3CD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "81E7779A-EDB9-4871-8D7C-63C5A7C7A0DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "ABB56113-5E66-4EE9-B551-FD40C2FE307B", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "A2985241-279F-46AC-8BBF-DF2F439FE720", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "D6D0F178-D3DE-4E1D-B666-B40262CDF9BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "BB1EF6D7-0AF4-4146-BA37-961F7048C1C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "5E4CCE84-425C-4B9C-98B7-D858B64B3418", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "B6B77FCE-F26A-41CB-8D72-E9EF0E352288", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:beta4:*:*:*:*:*:*", "matchCriteriaId": "985884FE-AEB9-4D93-806E-ADFCC576FF99", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "D81EE1B4-9CB4-4776-A7CE-44B023C67CA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "81798B3D-A000-40D5-A369-C9A0BEF79A5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "32DDDBEB-6F2F-4BA9-876D-38D41BA29726", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "06513AE1-11E4-4A9C-BDA4-D0511A9DCFC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6004EA17-A2B4-4E4C-A738-210FCAC2CA32", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "61680046-51CD-4217-AC1E-C11265205DB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "4320AE65-B4A7-4CC3-8BE0-6CD4FFBC24C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "18E5B08A-E6FC-440C-A2F8-1D8B727D55E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "6DAD077F-A239-4021-890E-AD4D9D9A388D", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "B2DCD8E1-EF0F-4878-8952-E0F729A524C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB49AF-2A89-4277-B2E9-67803A395A23", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "8086E8D8-25AD-4F63-BFB2-4AA3FA25484D", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.8:beta1:*:*:*:*:*:*", "matchCriteriaId": "DC23A3EC-942C-4B8D-A3D1-AC7C6526BF1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "02D3C0FF-C342-40F1-A187-CD212C16FE8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2510BAD7-1FB6-4F6F-A2CC-9DE9AD39B4FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1B388C7-ED4E-4416-969F-32263E7D7AA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator."}, {"lang": "es", "value": "Django antes de 1.4.21, de 1.5.x hasta 1.6.x, 1.7.x anteriores a 1.7.9 y 1.8.x anteriores a 1.8.3 utiliza una expresi\u00f3n regular incorrecta lo que permite a atacantes remotos inyectar cabeceras arbitrarias para realizar ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de un caracter de nueva l\u00ednea en (1) mensaje de correo electr\u00f3nico al EmailValidator, ( 2 ) una URL al URLValidator o vectores no especificados en el ( 3 ) validate_ipv4_address o (4 ) validador validate_slug."}], "id": "CVE-2015-5144", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-14T17:59:07.493", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3305"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/75665"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032820"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2671-1"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201510-06"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75665"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2671-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201510-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank upstream Django project for reporting this issue.", "bugzilla": {"description": "Django: possible header injection due to validators accepting newlines in input", "id": "1239011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1239011"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-185", "details": ["Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator."], "name": "CVE-2015-5144", "package_state": [{"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Will not fix", "package_name": "python-django", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "python-django", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Not affected", "package_name": "python-django", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "Django", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2015-07-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5144\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5144"], "statement": "This issue affects the version of python-django as included with Red Hat Enterprise Linux OpenStack Platform 5 and 6 however there is no known security impact in a supported use-case at this time.\nA future update may address this issue.", "threat_severity": "Moderate"}

{}