CVE-2014-0482 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-0482 Interim 1 9 2023-12-08T02:30:53Z current 2021-05-30T13:18:08Z 2023-12-08T02:30:53Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-0482 The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2014-September/001009.html E-Mail link for SUSE-SU-2014:1153-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE OpenStack Cloud 3.0 SUSE OpenStack Cloud 4 python-django-1.5.10-0.11.1 python-django-1.5.10-0.8.1 python-django-1.5.10-0.8.1 as a component of SUSE OpenStack Cloud 3.0 python-django-1.5.10-0.11.1 as a component of SUSE OpenStack Cloud 4 The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header. CVE-2014-0482 SUSE OpenStack Cloud 3.0:python-django-1.5.10-0.8.1 SUSE OpenStack Cloud 4:python-django-1.5.10-0.11.1 moderate 6 AV:N/AC:M/Au:S/C:P/I:P/A:P