Lucene search

[email protected]CVE-2011-0698

HistoryFeb 14, 2011 - 9:00 p.m.

CVE-2011-0698

2011-02-1421:00:03

CWE-22

[email protected]

web.nvd.nist.gov

cve-2011-0698

directory traversal vulnerability

django

windows

remote attackers

session cookie

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

Affected configurations

NVD

Node

djangoprojectdjangoMatch1.1

djangoprojectdjangoMatch1.1.0

djangoprojectdjangoMatch1.1.2

djangoprojectdjangoMatch1.1.3

AND

microsoftwindows

Node

djangoprojectdjangoMatch1.2

djangoprojectdjangoMatch1.2.1

djangoprojectdjangoMatch1.2.2

djangoprojectdjangoMatch1.2.3

djangoprojectdjangoMatch1.2.4

AND

microsoftwindows

CPENameOperatorVersion
djangoproject:djangodjangoproject djangoeq1.1
djangoproject:djangodjangoproject djangoeq1.1.0
djangoproject:djangodjangoproject djangoeq1.1.2
djangoproject:djangodjangoproject djangoeq1.1.3

CPE	Name	Operator	Version
djangoproject:django	djangoproject django	eq	1.1
djangoproject:django	djangoproject django	eq	1.1.0
djangoproject:django	djangoproject django	eq	1.1.2
djangoproject:django	djangoproject django	eq	1.1.3