DEBIAN-CVE-2016-9014
- Source
- https://security-tracker.debian.org/tracker/CVE-2016-9014
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2016-9014.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2016-9014
- Upstream
- Published
- 2016-12-09T20:59:06Z
- Modified
- 2025-09-25T22:40:46Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
- References
Affected packages
Debian:11 / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/debian/python-django?arch=source
Debian:12 / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/debian/python-django?arch=source
Debian:13 / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/debian/python-django?arch=source
Debian:14 / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/debian/python-django?arch=source