
CVE-2015-5144: Django Vulnerable to HTTP Response Splitting Attack

CVSS Score: 7.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.79015%
Published: 5/17/2022
Updated: 9/18/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package   Ecosystem   Vulnerable Versions     First Patched Version
django    pip         < 1.4.21                1.4.21
Django    pip         >= 1.5, < 1.7.9         1.7.9
Django    pip         >= 1.8a1, < 1.8.3       1.8.3

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from the validators' regular expressions ending in '$' instead of '\Z'. In Python's re module, '$' matches at the end of the string and also just before a single trailing newline, whereas '\Z' matches only at the true end of the string. A value such as 'example\n' therefore passed validation, and a newline in a value that is later written into an HTTP header is the precondition for the header injection (response splitting) described in the advisory. The CVE description names four validators as the attack vectors: EmailValidator, URLValidator, validate_ipv4_address and validate_slug. The fix commits (e.g. 1ba1cdc) change exactly these validators' regexes in django/core/validators.py. High confidence is justified by the direct correlation between the vulnerability report, the patch changes and the affected functions.
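The anchor difference above, as an added example that is not Django's own code: a slug-style validator in its '$'-anchored (vulnerable) and '\Z'-anchored (fixed) forms, run over constructed inputs, plus a hypothetical header serialiser that shows which accepted values would break a header line. The pattern, the function names and the sample inputs are assumptions made for this illustration.

```python
import re

# Added example, not Django's code. The two patterns mirror the shape of a slug
# validator before and after the fix; the only difference is the end anchor.
# In Python's re module '$' also matches just before ONE trailing '\n', while
# '\Z' matches only at the true end of the string.
SLUG_VULNERABLE = re.compile(r'^[-a-zA-Z0-9_]+$')
SLUG_FIXED = re.compile(r'^[-a-zA-Z0-9_]+\Z')


def slug_is_valid(value: str, pattern: re.Pattern = SLUG_FIXED) -> bool:
    """Return True if the anchored pattern accepts the value (search, like a RegexValidator)."""
    return pattern.search(value) is not None


def classify(value: str) -> dict:
    """Report whether the vulnerable and the fixed validator accept a value."""
    return {
        "vulnerable_accepts": slug_is_valid(value, SLUG_VULNERABLE),
        "fixed_accepts": slug_is_valid(value, SLUG_FIXED),
    }


def build_header_line(name: str, value: str) -> bytes:
    """Serialise one header line, refusing CR/LF as a response object should.

    A value containing '\\n' that reaches a header unchecked would end the header
    line early; that is the response-splitting primitive the advisory describes.
    """
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF in header value")
    return f"{name}: {value}\r\n".encode("latin-1")


def validator_lets_crlf_through(value: str, pattern: re.Pattern) -> bool:
    """True when the validator accepts a value that the header check rejects."""
    if not slug_is_valid(value, pattern):
        return False
    try:
        build_header_line("X-Slug", value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: clean, one trailing newline, embedded newline,
    # two trailing newlines. Only the single trailing newline slips past '$'.
    for sample in ["hello-world", "hello-world\n", "hello\nworld", "hello-world\n\n"]:
        print(repr(sample), classify(sample),
              "reaches header via '$':", validator_lets_crlf_through(sample, SLUG_VULNERABLE))
```

Note that the hole is exactly one trailing newline: an embedded newline or two trailing newlines are rejected by both anchors, which is why a test suite that only checks "hello\nworld" would never have caught this. Using re.fullmatch instead of search would also close the gap, since it requires the match to cover the whole string, but the minimal fix for an existing search-based validator is the '\Z' anchor.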


WAF Protection Rules

WAF Rule

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character
