|
|
CVE Reference: CVE-2007-0405 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-0405 |
|
|
Description: The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/31628 SAID Secunia Advisory: SA23826 CONFIRM http://code.djangoproject.com/changeset/3754 BID 22138 |
|
| Return to the previous page. |
