CVE-2011-4139

N/A Unknown

Published: October 19, 2011 Modified: April 29, 2026

Description

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://openwall.com/lists/oss-security/2011/09/11/1

Source: cve@mitre.org

Patch

http://openwall.com/lists/oss-security/2011/09/13/2

Source: cve@mitre.org

Patch

http://secunia.com/advisories/46614

Source: cve@mitre.org

http://www.debian.org/security/2011/dsa-2332

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=737366

Source: cve@mitre.org

Patch

https://hermes.opensuse.org/messages/14700881

Source: cve@mitre.org

https://www.djangoproject.com/weblog/2011/sep/09/

Source: cve@mitre.org

Patch Vendor Advisory

https://www.djangoproject.com/weblog/2011/sep/10/127/

Source: cve@mitre.org

Patch

http://openwall.com/lists/oss-security/2011/09/11/1