CVE-2011-4138
Published: 19 October 2011
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.
Priority
Status
Package | Release | Status |
---|---|---|
python-django (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
python-django | lucid | Released (1.1.1-2ubuntu1.4) |
python-django | maverick | Released (1.2.3-1ubuntu0.2.10.10.3) |
python-django | natty | Released (1.2.5-1ubuntu1.1) |
python-django | oneiric | Released (1.3-2ubuntu1.1) |
python-django | upstream | Released (1.3.1-1) |
Patches:
upstream: https://code.djangoproject.com/changeset/16766
upstream: https://code.djangoproject.com/changeset/16763