CVE-2016-9014

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9014

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9014.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-9014

Aliases

Related

Published

2016-12-09T20:59:06Z

Modified

2024-09-11T04:08:37.908376Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

References

Affected packages

Alpine:v3.10 / py-django

Package

Name: py-django
Purl: pkg:apk/alpine/py-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.8-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.11 / py3-django

Package

Name: py3-django
Purl: pkg:apk/alpine/py3-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.8-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.12 / py3-django

Package

Name: py3-django
Purl: pkg:apk/alpine/py3-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.8-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.2 / py-django

Package

Name: py-django
Purl: pkg:apk/alpine/py-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.3-r1

1.8.10-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.3 / py-django

Package

Name: py-django
Purl: pkg:apk/alpine/py-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.4 / py-django

Package

Name: py-django
Purl: pkg:apk/alpine/py-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.8-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.5 / py-django

Package

Name: py-django
Purl: pkg:apk/alpine/py-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.8-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.6 / py-django

Package

Name: py-django
Purl: pkg:apk/alpine/py-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.8-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.7 / py-django

Package

Name: py-django
Purl: pkg:apk/alpine/py-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.8-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.8 / py-django

Package

Name: py-django
Purl: pkg:apk/alpine/py-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.8-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Alpine:v3.9 / py-django

Package

Name: py-django
Purl: pkg:apk/alpine/py-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.16-r0

Affected versions

1.*

1.2.5-r0

1.2.5-r1

1.4.1-r0

1.5-r0

1.5.1-r0

1.5.5-r0

1.5.6-r0

1.5.7-r0

1.5.8-r0

1.6.5-r0

1.6.6-r0

1.7-r0

1.8-r0

1.8.3-r0

1.8.4-r0

1.8.6-r0

1.8.7-r0

1.8.8-r0

1.8.10-r0

1.8.12-r0

1.8.14-r0

1.8.15-r0

Debian:11 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.10.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.10.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.10.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/django/django

Affected ranges

Type: GIT
Repo: https://github.com/django/django
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2234d1f08d079a3e4be4f1a89847dc294a4a5c1a

Last affected

25e416ca0f3ea6035c8d797dcc9604bc32202268

Last affected

37935743edbf60201adb1b53b56b8cafa754c69a

Last affected

4022b2c306e88a4ab7f80507e736ce7ac7d01186

Last affected

4217f1cdeb070707e54fec8221b9e63e3957ef38

Last affected

449d1effb81152e54f482784cf7febe965007096

Last affected

6e749c21e77dc74af068c8e943a6e6850ae0bb24

Last affected

80b7e9d09f2d23209b591288f9b2cf3eb3d927c8

Last affected

8a2a3a63b83375d9322c077b6356007e0bef5939

Last affected

8dd33d429892fc06cc9aa655012491f029f5f491

Last affected

9fbdc48c493f43961173bab8f23d633ab41a9608

Last affected

a1f5bafac51f973cc7219d3b7c96587fe7066920

Last affected

a98e00f06834e5fdc945c2aca2c3498efb06ac7d

Last affected

acc3c1df8474f424b2f179bac03d0e9a6bc9aba0

Last affected

b29316c54bb3465265ff931e807229f13349457d

Last affected

b35adb0909b25a7dafc9212ddedfbf9b29dc05b8

Last affected

bd97496d07466f3a940e2fcc114b540ca01cd340

Last affected

c00335997744196738368f46c30ef2eeaa0ac849

Last affected

c168aeba175dbb92c615460a360cb1ea978de5d3

Last affected

c982190acf7bcfba5e78a7505a45774916865569

Last affected

dafddb6b8c0eb778072bec1ccd536bafad0eb936

Last affected

e18ddd07f08a9e42d1acee5cb1d48793f5c43884

Last affected

e3c9412d86c3c394e2604e63f3b51c102ae3e3d7

Last affected

e403f2217e67301526a0df5ea5be42e190e00e10

Last affected

e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd

Last affected

e8bb7464c562388da48bca04c5996fe16a0c3619

Last affected

e99ebfcc140a5f794e259994f9252cb440459143

Last affected

ef08d8cf9e0d1ca62c6c291575d9e306cb09afcb

Last affected

f49602ad46b447c5a27d47b0e89b3440109211a4

Last affected

feac4c30ce7635e17ce1adc4c2c7a1eb0721aeb3

Affected versions

1.*

1.0

1.1

1.10a1

1.10b1

1.2

1.2.1

1.3

1.4

1.7a1

1.7a2

1.8

1.8.1

1.8.10

1.8.11

1.8.12

1.8.13

1.8.14

1.8.15

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.8a1

1.8b1

1.8b2

1.8c1

1.9

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9a1

1.9b1

1.9rc1

1.9rc2