CVE Database - 2012

Browse known vulnerabilities with WAF coverage analysis. See which CVEs are detectable by Web Application Firewalls and their OWASP CRS rules.

1
Matching CVEs
15853
Critical
26962
High
69389
High WAF Coverage
Severity: All Critical (15853) High (26962) Medium (41242) Low (855)
Attack: Authentication Bypass (3246) CSRF (7960) Code Injection (4249) Command Injection (3187) Cross-Site Scripting (XSS) (37475) HTTP Response Splitting (79) Incorrect Authorization (2764) Input Validation (8673) Insecure Deserialization (2555) Missing Authorization (7641) OS Command Injection (5400) Open Redirect (1432) Path Traversal (6855) Privilege Escalation (2590) Remote File Inclusion (1113) Resource Exhaustion (2791) SQL Injection (14737) SSRF (2370) Unrestricted File Upload (3980) XXE (1206)
Year: 1990 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2012 2014 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026
WAF: High (69389) Medium (23730) Low (23337)
Clear filter

CVE-2012-3442

MEDIUM
4.30 CVSS 2.0

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.

Cross-Site Scripting (XSS)
WAF: High