Vulnerability Details : CVE-2008-3909
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2008-3909
- cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:django_project:django:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3909
- EPSS score: 0.28% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~68% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-3909
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P | 8.6 | 4.9 | NIST | |
CWE ids for CVE-2008-3909
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3909
- http://www.vupen.com/english/advisories/2008/2533
- https://bugzilla.redhat.com/show_bug.cgi?id=460966 (460966 – (CVE-2008-3909) CVE-2008-3909 Django: CSRF issue fixed in 0.96.3)
- http://www.openwall.com/lists/oss-security/2008/09/03/4 (oss-security - django CSRF vuln)
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00091.html ([SECURITY] Fedora 8 Update: Django-0.96.3-1.fc8)
- http://www.debian.org/security/2008/dsa-1640 (Debian -- Security Information -- DSA-1640-1 python-django)
- http://www.djangoproject.com/weblog/2008/sep/02/security/ (Security fix released | Weblog | Django; Patch)
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00131.html ([SECURITY] Fedora 9 Update: Django-0.96.3-1.fc9)