What is the severity of CVE-2016-9013?

CVE-2016-9013 is considered a moderate severity vulnerability due to the potential for unauthorized database access.

How do I fix CVE-2016-9013?

To fix CVE-2016-9013, upgrade Django to version 1.8.16, 1.9.11, or 1.10.3 or later.

What versions of Django are affected by CVE-2016-9013?

Django versions 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 are affected by CVE-2016-9013.

What type of attack can exploit CVE-2016-9013?

CVE-2016-9013 can be exploited by remote attackers to gain unauthorized access to the Oracle database.

Is CVE-2016-9013 specific to any database type?

Yes, CVE-2016-9013 specifically involves a vulnerability in Django when used with an Oracle database.

Vulnerability/
CVE-2016-9013

critical

9.8

CWE

798

9/12/2016

17/5/2022

18/9/2024

CVE-2016-9013

First published: Fri Dec 09 2016(Updated: )

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
pip/Django	>=1.8a1<1.8.16	1.8.16
pip/Django	>=1.9a1<1.9.11	1.9.11
pip/Django	>=1.10a1<1.10.3	1.10.3
djangoproject Django	=1.10
djangoproject Django	=1.10.1
djangoproject Django	=1.10.2
Ubuntu	=12.04
Ubuntu	=14.04
Ubuntu	=16.04
Ubuntu	=16.10
djangoproject Django	=1.9
djangoproject Django	=1.9.1
djangoproject Django	=1.9.2
djangoproject Django	=1.9.3
djangoproject Django	=1.9.4
djangoproject Django	=1.9.5
djangoproject Django	=1.9.6
djangoproject Django	=1.9.7
djangoproject Django	=1.9.8
djangoproject Django	=1.9.9
djangoproject Django	=1.9.10
djangoproject Django	=1.8
djangoproject Django	=1.8.1
djangoproject Django	=1.8.2
djangoproject Django	=1.8.3
djangoproject Django	=1.8.4
djangoproject Django	=1.8.5
djangoproject Django	=1.8.6
djangoproject Django	=1.8.7
djangoproject Django	=1.8.8
djangoproject Django	=1.8.9
djangoproject Django	=1.8.10
djangoproject Django	=1.8.11
djangoproject Django	=1.8.12
djangoproject Django	=1.8.13
djangoproject Django	=1.8.14
djangoproject Django	=1.8.15
Fedora	=24
Fedora	=25

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9013?
CVE-2016-9013 is considered a moderate severity vulnerability due to the potential for unauthorized database access.
How do I fix CVE-2016-9013?
To fix CVE-2016-9013, upgrade Django to version 1.8.16, 1.9.11, or 1.10.3 or later.
What versions of Django are affected by CVE-2016-9013?
Django versions 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 are affected by CVE-2016-9013.
What type of attack can exploit CVE-2016-9013?
CVE-2016-9013 can be exploited by remote attackers to gain unauthorized access to the Oracle database.
Is CVE-2016-9013 specific to any database type?
Yes, CVE-2016-9013 specifically involves a vulnerability in Django when used with an Oracle database.

agent/type
agent/severity
agent/weakness
agent/description
agent/author
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/event
collector/github-advisory-latest
source/GitHub
alias/GHSA-mv8g-fhh6-6267
alias/CVE-2016-9013
agent/software-canonical-lookup
agent/references
agent/last-modified-date
collector/github-advisory
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/pip
vendor/djangoproject
canonical/djangoproject django
version/djangoproject django/1.10
version/djangoproject django/1.10.1
version/djangoproject django/1.10.2
vendor/canonical
canonical/ubuntu
version/ubuntu/12.04
version/ubuntu/14.04
version/ubuntu/16.04
version/ubuntu/16.10
version/djangoproject django/1.9
version/djangoproject django/1.9.1
version/djangoproject django/1.9.2
version/djangoproject django/1.9.3
version/djangoproject django/1.9.4
version/djangoproject django/1.9.5
version/djangoproject django/1.9.6
version/djangoproject django/1.9.7
version/djangoproject django/1.9.8
version/djangoproject django/1.9.9
version/djangoproject django/1.9.10
version/djangoproject django/1.8
version/djangoproject django/1.8.1
version/djangoproject django/1.8.2
version/djangoproject django/1.8.3
version/djangoproject django/1.8.4
version/djangoproject django/1.8.5
version/djangoproject django/1.8.6
version/djangoproject django/1.8.7
version/djangoproject django/1.8.8
version/djangoproject django/1.8.9
version/djangoproject django/1.8.10
version/djangoproject django/1.8.11
version/djangoproject django/1.8.12
version/djangoproject django/1.8.13
version/djangoproject django/1.8.14
version/djangoproject django/1.8.15
vendor/fedoraproject
canonical/fedora
version/fedora/24
version/fedora/25