CVE-2014-1418
Description
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
Risk Information
Base Score
7.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.512
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-1418,CVE-2014-3730 are fixed in Python-django 1.4.13 | Windows |
| Vulnerabilities CVE-2014-1418,CVE-2014-3730 are fixed in Python-django 1.5.8 | Windows |
| Vulnerabilities CVE-2014-1418,CVE-2014-3730 are fixed in Python-django 1.6.5 | Windows |
| Vulnerabilities CVE-2014-1418,CVE-2014-3730 are fixed in Python-django for linux 1.4.13 | Linux |
| Vulnerabilities CVE-2014-1418,CVE-2014-3730 are fixed in Python-django for linux 1.5.8 | Linux |
| Vulnerabilities CVE-2014-1418,CVE-2014-3730 are fixed in Python-django for linux 1.6.5 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234