CVE-2016-9014 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-9014 Interim 1 12 2023-02-10T02:29:06Z current 2021-05-30T13:47:14Z 2023-02-10T02:29:06Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-9014 Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-April/003895.html E-Mail link for SUSE-SU-2018:0973-1 https://lists.suse.com/pipermail/sle-security-updates/2018-April/003965.html E-Mail link for SUSE-SU-2018:1102-1 https://lists.opensuse.org/opensuse-updates/2018-03/msg00103.html E-Mail link for openSUSE-SU-2018:0824-1 https://lists.opensuse.org/opensuse-updates/2018-03/msg00105.html E-Mail link for openSUSE-SU-2018:0826-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 python-Django-1.8.19-3.4.1 python-Django-1.8.19-3.6.1 python-Django-1.8.19-3.6.1 as a component of SUSE OpenStack Cloud 6 python-Django-1.8.19-3.4.1 as a component of SUSE OpenStack Cloud 7 Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. CVE-2016-9014 SUSE OpenStack Cloud 6:python-Django-1.8.19-3.6.1 SUSE OpenStack Cloud 7:python-Django-1.8.19-3.4.1 low 4 AV:N/AC:H/Au:N/C:P/I:P/A:N 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H