CVE-2019-12781: Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

CVSS Score: 5.3 (CVSS 3.0)

Basic Information

EPSS Score: 0.84432%
Published: 7/3/2019
Updated: 9/18/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name   Ecosystem   Vulnerable Versions   First Patched Version
Django         pip         >= 2.1, < 2.1.10      2.1.10
Django         pip         >= 2.2, < 2.2.3       2.2.3
Django         pip         >= 1.11, < 1.11.22    1.11.22

Vulnerability Intelligence

Root Cause Analysis

The vulnerability description explicitly identifies the incorrect behavior of django.http.HttpRequest.scheme as the root cause. The scheme property determines the request protocol (HTTP or HTTPS) and drives security redirects such as SECURE_SSL_REDIRECT. When Django runs behind a reverse proxy and is configured with SECURE_PROXY_SSL_HEADER, vulnerable versions did not correctly determine the client's protocol when the proxy-to-Django connection itself used HTTPS: a client request made over plain HTTP could be treated as HTTPS and therefore not redirected, leaving that traffic exposed to cleartext transmission. The patched versions corrected how the proxy header is interpreted in this scenario.
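To make the failure mode concrete, the following added Python example (written for this page; it is not Django's own source and not part of the Miggo record) models the pre-fix and post-fix resolution of HttpRequest.scheme as a pure function over the request's META mapping. It assumes the header convention Django documents for the setting, SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https'), and the standard WSGI key wsgi.url_scheme for the scheme of the proxy-to-Django hop; the request environments are constructed samples.

```python
"""Simplified model of how the request scheme was resolved before and after
the fix for CVE-2019-12781. Added illustration, not Django's code."""

# Constructed setting in the shape Django documents for SECURE_PROXY_SSL_HEADER.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def transport_scheme(meta):
    """Scheme of the hop that actually reached Django (proxy -> Django).
    Models the WSGI fallback of reading wsgi.url_scheme."""
    return meta.get("wsgi.url_scheme", "http")


def scheme_vulnerable(meta, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Pre-fix logic: only a header that *matches* the secure value is
    honoured. Any other value falls through to the transport scheme, so a
    TLS proxy->Django hop makes a plain-HTTP client look like HTTPS."""
    header, secure_value = proxy_header
    if meta.get(header) == secure_value:
        return "https"
    return transport_scheme(meta)


def scheme_fixed(meta, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Post-fix logic: when the proxy supplied the header at all, trust it in
    both directions; fall back to the transport scheme only when it is absent."""
    header, secure_value = proxy_header
    header_value = meta.get(header)
    if header_value is not None:
        return "https" if header_value == secure_value else "http"
    return transport_scheme(meta)


def needs_ssl_redirect(meta, scheme_fn, secure_ssl_redirect=True):
    """SECURE_SSL_REDIRECT behaviour: redirect whenever the resolved scheme
    is not https. With the vulnerable resolver the redirect is skipped for
    a plain-HTTP client behind a TLS-connected proxy."""
    return secure_ssl_redirect and scheme_fn(meta) != "https"


# Constructed request environments (META mappings).
CLIENT_HTTP_VIA_TLS_PROXY = {
    "wsgi.url_scheme": "https",        # proxy -> Django hop is TLS
    "HTTP_X_FORWARDED_PROTO": "http",  # but the client spoke plain HTTP
}
CLIENT_HTTPS_VIA_TLS_PROXY = {
    "wsgi.url_scheme": "https",
    "HTTP_X_FORWARDED_PROTO": "https",
}
NO_PROXY_HEADER = {"wsgi.url_scheme": "https"}  # proxy did not set the header


def compare(meta):
    """Return what each resolver reports and whether each would redirect."""
    return {
        "vulnerable": (scheme_vulnerable(meta),
                       needs_ssl_redirect(meta, scheme_vulnerable)),
        "fixed": (scheme_fixed(meta),
                  needs_ssl_redirect(meta, scheme_fixed)),
    }


if __name__ == "__main__":
    cases = {
        "client HTTP, proxy->Django TLS": CLIENT_HTTP_VIA_TLS_PROXY,
        "client HTTPS, proxy->Django TLS": CLIENT_HTTPS_VIA_TLS_PROXY,
        "no proxy header, transport TLS": NO_PROXY_HEADER,
    }
    for name, meta in cases.items():
        result = compare(meta)
        print(f"{name:32s} vulnerable={result['vulnerable']} fixed={result['fixed']}")
```

The only case where the two resolvers disagree is the first one: the pre-fix logic reports "https" and skips the redirect, the post-fix logic reports "http" and redirects, which is exactly the scenario the description covers. Operationally, the check is the same on either side of the fix: with SECURE_PROXY_SSL_HEADER set, the proxy must always overwrite the forwarded-protocol header rather than pass a client-supplied one through.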

WAF Protection Rules

WAF Rule

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django vi
