vulnerability
FreeBSD: VID-b805d7b4-9c0c-11e9-97f0-000c29e96db4 (CVE-2019-12781): Django -- Incorrect HTTP detection with reverse-proxy connecting via HTTPS
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jul 1, 2019 | Jul 2, 2019 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 1, 2019
Added
Jul 2, 2019
Modified
Dec 10, 2025
Description
Django security releases issued: When deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme would incorrectly detect client requests made via HTTP as using HTTPS. This entails incorrect results for is_secure(), and build_absolute_uri(), and that HTTP requests would not be redirected to HTTPS in accordance with SECURE_SSL_REDIRECT.
Solutions
freebsd-upgrade-package-py27-django111freebsd-upgrade-package-py35-django111freebsd-upgrade-package-py36-django111freebsd-upgrade-package-py37-django111freebsd-upgrade-package-py35-django21freebsd-upgrade-package-py36-django21freebsd-upgrade-package-py37-django21freebsd-upgrade-package-py35-django22freebsd-upgrade-package-py36-django22freebsd-upgrade-package-py37-django22
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.