CVE-2014-3730
Canonical Ubuntu Linux < 1.4.13 - Improper Input Validation
Title source: ruleDescription
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
References (8)
Core 8
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61281
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2934
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-2212-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67410
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/05/15/3
Patch, Vendor Advisory x_refsource_confirm
https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/05/14/10
Scores
EPSS
0.0312
EPSS Percentile
86.3%
Details
CWE
CWE-20
Status
published
Products (36)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
canonical/ubuntu_linux
13.10
canonical/ubuntu_linux
14.04
debian/debian_linux
7.0
debian/debian_linux
8.0
djangoproject/django
1.4
djangoproject/django
1.4.1
djangoproject/django
1.4.2
... and 26 more
Published
May 16, 2014
Tracked Since
Feb 18, 2026