PT-2019-2628 · Django Software Foundation+3 · Django+3

Gavin Wahl · Published 2019-07-01 · Updated 2026-01-03 · CVE-2019-12781

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Django versions 1.11 before 1.11.22
Django versions 2.1 before 2.1.10
Django versions 2.2 before 2.2.3

Description
An issue in Django causes incorrect behavior of django.http.HttpRequest.scheme when a client uses HTTP, but the proxy connects to Django via HTTPS, and the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used. The root cause is that such plain-HTTP requests are wrongly classified as HTTPS requests. Exploitation of this issue may allow a remote attacker to access protected information.

Recommendations
For Django version 1.11 before 1.11.22, update to version 1.11.22 or later.
For Django version 2.1 before 2.1.10, update to version 2.1.10 or later.
For Django version 2.2 before 2.2.3, update to version 2.2.3 or later.
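The following is an added, stand-alone model of the scheme decision described above; it is not Django's own code and does not import Django. It assumes a typical SECURE_PROXY_SSL_HEADER value of ("HTTP_X_FORWARDED_PROTO", "https") and a TLS-terminating proxy that re-encrypts to Django, so the WSGI connection scheme is always https. The vulnerable variant only checks for an exact match of the secure value and otherwise falls back to the connection scheme; the fixed variant treats any present header value as authoritative. Because SecurityMiddleware's SECURE_SSL_REDIRECT decision is driven by request.is_secure(), which compares scheme to "https", the misclassification means a plain-HTTP client is never redirected and receives the response in cleartext.

```python
# Added example (not Django's code): model of HttpRequest.scheme resolution
# behind SECURE_PROXY_SSL_HEADER, before and after the CVE-2019-12781 fix.

# Assumed setting, a typical deployment value (not taken from the advisory).
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def connection_scheme(meta):
    """Scheme of the hop that actually reached Django (the WSGI server's view).

    With a proxy that terminates TLS and re-encrypts to Django, this is
    'https' even when the original client spoke plain HTTP.
    """
    return meta.get("wsgi.url_scheme", "http")


def scheme_before_fix(meta, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Vulnerable logic as modelled here (Django < 1.11.22 / 2.1.10 / 2.2.3).

    Only an exact match of the configured secure value is checked. Any other
    header value, including the proxy saying 'http', falls through to the
    connection scheme, which is 'https' behind a re-encrypting proxy.
    """
    header, secure_value = proxy_header
    if meta.get(header) == secure_value:
        return "https"
    return connection_scheme(meta)


def scheme_after_fix(meta, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Fixed logic: once the header is configured and present, its value
    decides. Only a missing header falls back to the connection scheme."""
    header, secure_value = proxy_header
    header_value = meta.get(header)
    if header_value is not None:
        return "https" if header_value == secure_value else "http"
    return connection_scheme(meta)


def would_redirect(meta, scheme_fn):
    """Model of SecurityMiddleware's SECURE_SSL_REDIRECT check, which redirects
    when request.is_secure() is false, i.e. when scheme != 'https'."""
    return scheme_fn(meta) != "https"


def is_misclassified(meta):
    """True when the vulnerable logic reports a plain-HTTP client as HTTPS."""
    return scheme_before_fix(meta) == "https" and scheme_after_fix(meta) == "http"


# Constructed WSGI environ fragments. The proxy speaks HTTPS to Django, so
# wsgi.url_scheme is 'https' in every case; X-Forwarded-Proto carries the
# client's real scheme.
CLIENT_HTTP = {"wsgi.url_scheme": "https", "HTTP_X_FORWARDED_PROTO": "http"}
CLIENT_HTTPS = {"wsgi.url_scheme": "https", "HTTP_X_FORWARDED_PROTO": "https"}
HEADER_MISSING = {"wsgi.url_scheme": "https"}

if __name__ == "__main__":
    cases = [
        ("client over HTTP", CLIENT_HTTP),
        ("client over HTTPS", CLIENT_HTTPS),
        ("header missing", HEADER_MISSING),
    ]
    for name, meta in cases:
        print(
            f"{name:18} before fix: {scheme_before_fix(meta):5} "
            f"(redirect={would_redirect(meta, scheme_before_fix)})  "
            f"after fix: {scheme_after_fix(meta):5} "
            f"(redirect={would_redirect(meta, scheme_after_fix)})"
        )
```

The interesting row is the plain-HTTP client: the vulnerable resolver returns https and suppresses the SECURE_SSL_REDIRECT redirect, while the fixed resolver returns http and redirects. The header-missing row shows why the fix keeps the connection-scheme fallback: with SECURE_PROXY_SSL_HEADER configured, the proxy is expected to always set the header, and stripping it at the proxy remains a deployment requirement.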

Fix

RCE

Cleartext Transmission of Sensitive Information

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2367
BDU:2019-02513
CVE-2019-12781
DLA-1842-1
DSA-4476-1
GHSA-6C7V-2F49-8H26
OPENSUSE-SU-2019:1839-1
OPENSUSE-SU-2019:1872-1
OPENSUSE-SU-2019_1839-1
OPENSUSE-SU-2024:11205-1
OPENSUSE-SU-2024:13887-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2026:10005-1
PYSEC-2019-10
RHSA-2020:1324
RHSA-2020:4366
RHSA-2020:4390
SUSE-SU-2019:2257-1
SUSE-SU-2019:2335-1
SUSE-SU-2019:2379-1
SUSE-SU-2019:3127-1
USN-4043-1

Affected Products

Alt Linux
Django
Suse
Ubuntu