CVE-2011-0696 in Djangoinfo

Summary

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

01/31/2011

Disclosure

02/14/2011

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-352 (Confirmed)

CVSS

6.3

EPSS

0.02750

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-0696
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0696
CVE Details	https://www.cvedetails.com/cve/CVE-2011-0696/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!