|Category:||Access Control Error|
Published on 23/04/14 - Updated on 07/01/17
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
No exploits available for this CVE in our database.