CVE-2015-5144 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-5144 Interim 1 13 2023-12-08T02:10:39Z current 2021-05-30T13:31:36Z 2023-12-08T02:10:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-5144 Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2015-October/001643.html E-Mail link for SUSE-SU-2015:1810-1 https://lists.suse.com/pipermail/sle-security-updates/2015-October/001644.html E-Mail link for SUSE-SU-2015:1815-1 https://lists.suse.com/pipermail/sle-security-updates/2016-January/001786.html E-Mail link for SUSE-SU-2016:0044-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 1.0 SUSE Enterprise Storage 2 SUSE OpenStack Cloud 5 python-Django-1.6.11-10.2 python-Django-1.6.11-3.1 python-Django-1.6.11-8.1 python-Django-1.6.11-8.1 as a component of SUSE Enterprise Storage 1.0 python-Django-1.6.11-3.1 as a component of SUSE Enterprise Storage 2 python-Django-1.6.11-10.2 as a component of SUSE OpenStack Cloud 5 Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. CVE-2015-5144 SUSE Enterprise Storage 1.0:python-Django-1.6.11-8.1 SUSE Enterprise Storage 2:python-Django-1.6.11-3.1 SUSE OpenStack Cloud 5:python-Django-1.6.11-10.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N