VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-yxyn-357b-aaad

Essentials
Severities (134)
References (52)
Severity details (43)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-yxyn-357b-aaad
Aliases	CVE-2016-7401 GHSA-crhm-qpjc-cm64 PYSEC-2016-3
Summary	The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-254	7PK - Security Features
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-352	Cross-Site Request Forgery (CSRF)

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7401.html
cvssv3.1	7.5	http://rhn.redhat.com/errata/RHSA-2016-2038.html
generic_textual	HIGH	http://rhn.redhat.com/errata/RHSA-2016-2038.html
cvssv3.1	7.5	http://rhn.redhat.com/errata/RHSA-2016-2039.html
generic_textual	HIGH	http://rhn.redhat.com/errata/RHSA-2016-2039.html
cvssv3.1	7.5	http://rhn.redhat.com/errata/RHSA-2016-2040.html
generic_textual	HIGH	http://rhn.redhat.com/errata/RHSA-2016-2040.html
cvssv3.1	7.5	http://rhn.redhat.com/errata/RHSA-2016-2041.html
generic_textual	HIGH	http://rhn.redhat.com/errata/RHSA-2016-2041.html
cvssv3.1	7.5	http://rhn.redhat.com/errata/RHSA-2016-2042.html
generic_textual	HIGH	http://rhn.redhat.com/errata/RHSA-2016-2042.html
cvssv3.1	7.5	http://rhn.redhat.com/errata/RHSA-2016-2043.html
generic_textual	HIGH	http://rhn.redhat.com/errata/RHSA-2016-2043.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:2038
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:2039
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:2040
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:2041
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:2042
rhas	Moderate	https://access.redhat.com/errata/RHSA-2016:2043
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7401.json
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02419	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02419	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02419	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02419	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02459	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.02907	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.03776	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.03776	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.03776	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.03776	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.03776	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.05228	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.06628	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.06628	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.06628	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.06628	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.06831	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.06831	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.06831	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.06831	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
epss	0.06831	https://api.first.org/data/v1/epss?cve=CVE-2016-7401
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1377376
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7401
cvssv2	5.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-crhm-qpjc-cm64
cvssv3.1	3.7	https://github.com/django/django
generic_textual	MODERATE	https://github.com/django/django
cvssv3.1	7.5	https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
generic_textual	HIGH	https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
cvssv3.1	7.5	https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
generic_textual	HIGH	https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
cvssv3.1	7.5	https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
generic_textual	HIGH	https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
cvssv3.1	7.5	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
generic_textual	HIGH	https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2016-7401
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2016-7401
archlinux	Medium	https://security.archlinux.org/AVG-35
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3089-1
cvssv3.1	7.5	https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
generic_textual	HIGH	https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
cvssv3.1	7.5	https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
generic_textual	HIGH	https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
cvssv3.1	7.5	https://www.djangoproject.com/weblog/2016/sep/26/security-releases
generic_textual	HIGH	https://www.djangoproject.com/weblog/2016/sep/26/security-releases
generic_textual	Medium	https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
cvssv3.1	7.5	http://www.debian.org/security/2016/dsa-3678
generic_textual	HIGH	http://www.debian.org/security/2016/dsa-3678
cvssv3.1	7.5	http://www.ubuntu.com/usn/USN-3089-1
generic_textual	HIGH	http://www.ubuntu.com/usn/USN-3089-1

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7401.html
		http://rhn.redhat.com/errata/RHSA-2016-2038.html
		http://rhn.redhat.com/errata/RHSA-2016-2039.html
		http://rhn.redhat.com/errata/RHSA-2016-2040.html
		http://rhn.redhat.com/errata/RHSA-2016-2041.html
		http://rhn.redhat.com/errata/RHSA-2016-2042.html
		http://rhn.redhat.com/errata/RHSA-2016-2043.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7401.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-7401
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7401
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/django/django
		https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a
		https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735
		https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a
		https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml
		https://ubuntu.com/security/notices/USN-3089-1
		https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182
		https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899
		https://www.djangoproject.com/weblog/2016/sep/26/security-releases
		https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
		http://www.debian.org/security/2016/dsa-3678
		http://www.securityfocus.com/bid/93182
		http://www.securitytracker.com/id/1036899
		http://www.ubuntu.com/usn/USN-3089-1
1377376		https://bugzilla.redhat.com/show_bug.cgi?id=1377376
ASA-201610-13		https://security.archlinux.org/ASA-201610-13
AVG-35		https://security.archlinux.org/AVG-35
cpe:2.3:a:djangoproject:django::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django::::::::
cpe:2.3:a:djangoproject:django:1.9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.0:::::::*
cpe:2.3:a:djangoproject:django:1.9.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:::::::*
cpe:2.3:a:djangoproject:django:1.9.2:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:::::::*
cpe:2.3:a:djangoproject:django:1.9.3:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.3:::::::*
cpe:2.3:a:djangoproject:django:1.9.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.4:::::::*
cpe:2.3:a:djangoproject:django:1.9.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.5:::::::*
cpe:2.3:a:djangoproject:django:1.9.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.6:::::::*
cpe:2.3:a:djangoproject:django:1.9.7:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.7:::::::*
cpe:2.3:a:djangoproject:django:1.9.8:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.8:::::::*
cpe:2.3:a:djangoproject:django:1.9.9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.9:::::::*
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
CVE-2016-7401		https://nvd.nist.gov/vuln/detail/CVE-2016-7401
GHSA-crhm-qpjc-cm64		https://github.com/advisories/GHSA-crhm-qpjc-cm64
RHSA-2016:2038		https://access.redhat.com/errata/RHSA-2016:2038
RHSA-2016:2039		https://access.redhat.com/errata/RHSA-2016:2039
RHSA-2016:2040		https://access.redhat.com/errata/RHSA-2016:2040
RHSA-2016:2041		https://access.redhat.com/errata/RHSA-2016:2041
RHSA-2016:2042		https://access.redhat.com/errata/RHSA-2016:2042
RHSA-2016:2043		https://access.redhat.com/errata/RHSA-2016:2043
USN-3089-1		https://usn.ubuntu.com/3089-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2038.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2039.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2040.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2041.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2042.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2043.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7401.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/django/django/commit/6fe846a8f08dc959003f298b5407e321c6fe3735

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2016-3.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-7401

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-7401

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://web.archive.org/web/20200227223637/http://www.securityfocus.com/bid/93182

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://web.archive.org/web/20210927195154/http://www.securitytracker.com/id/1036899

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.djangoproject.com/weblog/2016/sep/26/security-releases

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.debian.org/security/2016/dsa-3678

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.ubuntu.com/usn/USN-3089-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.81660
EPSS Score	0.00767
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.