CVE-2008-3909 — MEDIUM (5.8)

Q: How severe is CVE-2008-3909?

CVE-2008-3909 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-3909?

Check the references section above for vendor advisories and patch information. Affected products include: Djangoproject Django.

Vulnerability Description

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:P

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Djangoproject	Django	>= 0.91, < 0.91.3

Related Weaknesses (CWE)

CWE-352

References

http://osvdb.org/47906Broken Link
http://secunia.com/advisories/31837Not Applicable
http://secunia.com/advisories/31961Not Applicable
http://www.debian.org/security/2008/dsa-1640Third Party Advisory
http://www.djangoproject.com/weblog/2008/sep/02/security/Patch
http://www.openwall.com/lists/oss-security/2008/09/03/4Mailing ListThird Party Advisory
http://www.vupen.com/english/advisories/2008/2533Not Applicable
https://bugzilla.redhat.com/show_bug.cgi?id=460966Issue TrackingThird Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00091.Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00131.Broken Link
http://osvdb.org/47906Broken Link
http://secunia.com/advisories/31837Not Applicable
http://secunia.com/advisories/31961Not Applicable
http://www.debian.org/security/2008/dsa-1640Third Party Advisory
http://www.djangoproject.com/weblog/2008/sep/02/security/Patch

FAQ

What is CVE-2008-3909?

CVE-2008-3909 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to cond...

How severe is CVE-2008-3909?

CVE-2008-3909 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3909?

Check the references section above for vendor advisories and patch information. Affected products include: Djangoproject Django.