Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Django Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2011-4140 - Vulnerability Database
Django

Django Cross-Site Request Forgery (CSRF) Vulnerability - CVE-2011-4140

Medium
Reference: CVE-2011-4140
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-4140
Title: Django Cross-Site Request Forgery (CSRF) Vulnerability
Overview:

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.