We found results for “”
CVE-2008-3909
Date: September 4, 2008
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
Severity Score
Related Resources (13)
Severity Score
Weakness Type (CWE)
Cross-Site Request Forgery (CSRF)
CWE-352CVSS v3
Base Score: |
|
---|---|
Attack Vector (AV): | |
Attack Complexity (AC): | |
Privileges Required (PR): | |
User Interaction (UI): | |
Scope (S): | |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | COMPLETE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | |
Access Complexity (AC): | |
Authentication (AU): | |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |
Additional information: |