ID DEBIANCVE:CVE-2011-4139 Type debiancve Reporter Debian Security Bug Tracker Modified 2011-10-19T10:55:00
Description
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.
{"ubuntucve": [{"lastseen": "2021-11-22T21:56:10", "description": "Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host\nheader to construct a full URL in certain circumstances, which allows\nremote attackers to conduct cache poisoning attacks via a crafted request.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4139", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4139"], "modified": "2011-10-19T00:00:00", "id": "UB:CVE-2011-4139", "href": "https://ubuntu.com/security/CVE-2011-4139", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "osv": [{"lastseen": "2022-05-12T01:09:40", "description": "Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "osv", "title": "PYSEC-2011-4", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4139"], 
"modified": "2021-07-05T00:01:18", "id": "OSV:PYSEC-2011-4", "href": "https://osv.dev/vulnerability/PYSEC-2011-4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:38:38", "description": "Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "cve", "title": "CVE-2011-4139", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4139"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:djangoproject:django:0.96", "cpe:/a:djangoproject:django:1.1.0", "cpe:/a:djangoproject:django:1.2", "cpe:/a:djangoproject:django:1.2.6", "cpe:/a:djangoproject:django:1.2.3", "cpe:/a:djangoproject:django:1.0.1", "cpe:/a:djangoproject:django:1.3", "cpe:/a:djangoproject:django:1.2.4", "cpe:/a:djangoproject:django:1.1", "cpe:/a:djangoproject:django:1.2.1", "cpe:/a:djangoproject:django:1.0.2", "cpe:/a:djangoproject:django:0.91", "cpe:/a:djangoproject:django:1.1.2", "cpe:/a:djangoproject:django:1.2.5", "cpe:/a:djangoproject:django:0.95.1", "cpe:/a:djangoproject:django:1.0", "cpe:/a:djangoproject:django:0.95", "cpe:/a:djangoproject:django:1.2.2", "cpe:/a:djangoproject:django:1.1.3"], "id": "CVE-2011-4139", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4139", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, 
"cpe23": ["cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2022-01-04T13:09:01", "description": "Paul McMillan discovered that Django used the root namespace when storing \ncached session data. A remote attacker could exploit this to modify \nsessions. (CVE-2011-4136)\n\nPaul McMillan discovered that Django would not timeout on arbitrary URLs \nwhen the application used URLFields. This could be exploited by a remote \nattacker to cause a denial of service via resource exhaustion. \n(CVE-2011-4137)\n\nPaul McMillan discovered that while Django would check the validity of a \nURL via a HEAD request, it would instead use a GET request for the target \nof a redirect. This could potentially be used to trigger arbitrary GET \nrequests via a crafted Location header. 
(CVE-2011-4138)\n\nIt was discovered that Django would sometimes use a request's HTTP Host \nheader to construct a full URL. A remote attacker could exploit this to \nconduct host header cache poisoning attacks via a crafted request. \n(CVE-2011-4139)\n", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "ubuntu", "title": "Django vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4137"], "modified": "2011-12-09T00:00:00", "id": "USN-1297-1", "href": "https://ubuntu.com/security/notices/USN-1297-1", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:39:43", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1297-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for python-django USN-1297-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1297_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for python-django USN-1297-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1297-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840830\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:52:57 +0530 (Fri, 09 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1297-1\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\");\n script_name(\"Ubuntu Update for python-django USN-1297-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1297-1\");\n script_tag(name:\"affected\", 
value:\"python-django on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Pall McMillan discovered that Django used the root namespace when storing\n cached session data. A remote attacker could exploit this to modify\n sessions. (CVE-2011-4136)\n\n Paul McMillan discovered that Django would not timeout on arbitrary URLs\n when the application used URLFields. This could be exploited by a remote\n attacker to cause a denial of service via resource exhaustion.\n (CVE-2011-4137)\n\n Paul McMillan discovered that while Django would check the validity of a\n URL via a HEAD request, it would instead use a GET request for the target\n of a redirect. This could potentially be used to trigger arbitrary GET\n requests via a crafted Location header. (CVE-2011-4138)\n\n It was discovered that Django would sometimes use a request's HTTP Host\n header to construct a full URL. A remote attacker could exploit this to\n conduct host header cache poisoning attacks via a crafted request.\n (CVE-2011-4139)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-1ubuntu0.2.10.10.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.1.1-2ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", 
ver:\"1.2.5-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-12-04T11:26:58", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1297-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for python-django USN-1297-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840830", "href": "http://plugins.openvas.org/nasl.php?oid=840830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1297_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for python-django USN-1297-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pall McMillan discovered that Django used the root namespace when storing\n cached session data. 
A remote attacker could exploit this to modify\n sessions. (CVE-2011-4136)\n\n Paul McMillan discovered that Django would not timeout on arbitrary URLs\n when the application used URLFields. This could be exploited by a remote\n attacker to cause a denial of service via resource exhaustion.\n (CVE-2011-4137)\n\n Paul McMillan discovered that while Django would check the validity of a\n URL via a HEAD request, it would instead use a GET request for the target\n of a redirect. This could potentially be used to trigger arbitrary GET\n requests via a crafted Location header. (CVE-2011-4138)\n\n It was discovered that Django would sometimes use a request's HTTP Host\n header to construct a full URL. A remote attacker could exploit this to\n conduct host header cache poisoning attacks via a crafted request.\n (CVE-2011-4139)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1297-1\";\ntag_affected = \"python-django on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1297-1/\");\n script_id(840830);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:52:57 +0530 (Fri, 09 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1297-1\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\");\n script_name(\"Ubuntu Update for python-django USN-1297-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-1ubuntu0.2.10.10.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.1.1-2ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.5-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:45", "description": "The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2332-1 (python-django)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4140", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070548", "href": 
"http://plugins.openvas.org/nasl.php?oid=136141256231070548", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2332_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2332-1 (python-django)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70548\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:22 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2332-1 (python-django)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202332-1\");\n script_tag(name:\"insight\", value:\"Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\nCVE-2011-4136\n\nWhen using memory-based sessions and caching, Django sessions are\nstored directly in the root namespace of the cache. When user data is\nstored in the same cache, a remote user may take over a session.\n\nCVE-2011-4137, CVE-2011-4138\n\nDjango's field type URLfield by default checks supplied URL's by\nissuing a request to it, which doesn't time out. A Denial of Service\nis possible by supplying specially prepared URL's that keep the\nconnection open indefinitely or fill the Django's server memory.\n\nCVE-2011-4139\n\nDjango used X-Forwarded-Host headers to construct full URL's. 
This\nheader may not contain trusted input and could be used to poison the\ncache.\n\nCVE-2011-4140\n\nThe CSRF protection mechanism in Django does not properly handle\nweb-server configurations supporting arbitrary HTTP Host headers,\nwhich allows remote attackers to trigger unauthenticated forged\nrequests.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your python-django packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.0.2-1+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:33", "description": "The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2332-1 (python-django)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4140", 
"CVE-2011-4138", "CVE-2011-4139"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70548", "href": "http://plugins.openvas.org/nasl.php?oid=70548", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2332_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2332-1 (python-django)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\nCVE-2011-4136\n\nWhen using memory-based sessions and caching, Django sessions are\nstored directly in the root namespace of the cache. When user data is\nstored in the same cache, a remote user may take over a session.\n\nCVE-2011-4137, CVE-2011-4138\n\nDjango's field type URLfield by default checks supplied URL's by\nissuing a request to it, which doesn't time out. 
A Denial of Service\nis possible by supplying specially prepared URL's that keep the\nconnection open indefinitely or fill the Django's server memory.\n\nCVE-2011-4139\n\nDjango used X-Forwarded-Host headers to construct full URL's. This\nheader may not contain trusted input and could be used to poison the\ncache.\n\nCVE-2011-4140\n\nThe CSRF protection mechanism in Django does not properly handle\nweb-server configurations supporting arbitrary HTTP Host headers,\nwhich allows remote attackers to trigger unauthenticated forged\nrequests.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\n\nWe recommend that you upgrade your python-django packages.\";\ntag_summary = \"The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202332-1\";\n\nif(description)\n{\n script_id(70548);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:22 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2332-1 (python-django)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.0.2-1+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-08-19T12:59:26", "description": "Paul McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. (CVE-2011-4136)\n\nPaul McMillan discovered that Django would not timeout on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of service via resource exhaustion.\n(CVE-2011-4137)\n\nPaul McMillan discovered that while Django would check the validity of a URL via a HEAD request, it would instead use a GET request for the target of a redirect. This could potentially be used to trigger arbitrary GET requests via a crafted Location header. 
(CVE-2011-4138)\n\nIt was discovered that Django would sometimes use a request's HTTP Host header to construct a full URL. A remote attacker could exploit this to conduct host header cache poisoning attacks via a crafted request. (CVE-2011-4139).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-12-09T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : python-django vulnerabilities (USN-1297-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-django", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1297-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57061", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1297-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57061);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\");\n script_bugtraq_id(49573);\n script_xref(name:\"USN\", value:\"1297-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : python-django vulnerabilities (USN-1297-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pall McMillan discovered that Django used the root namespace when\nstoring cached session data. A remote attacker could exploit this to\nmodify sessions. (CVE-2011-4136)\n\nPaul McMillan discovered that Django would not timeout on arbitrary\nURLs when the application used URLFields. This could be exploited by a\nremote attacker to cause a denial of service via resource exhaustion.\n(CVE-2011-4137)\n\nPaul McMillan discovered that while Django would check the validity of\na URL via a HEAD request, it would instead use a GET request for the\ntarget of a redirect. This could potentially be used to trigger\narbitrary GET requests via a crafted Location header. (CVE-2011-4138)\n\nIt was discovered that Django would sometimes use a request's HTTP\nHost header to construct a full URL. A remote attacker could exploit\nthis to conduct host header cache poisoning attacks via a crafted\nrequest. (CVE-2011-4139).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1297-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-django\", pkgver:\"1.1.1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"python-django\", pkgver:\"1.2.3-1ubuntu0.2.10.10.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python-django\", pkgver:\"1.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"python-django\", pkgver:\"1.3-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-django\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:48", "description": "python-django update version to 1.2.7 fixes several security issues including denial of service, CSRF and information 
leaks:\nhttps://www.djangoproject.com/weblog/2011/sep/10/127/", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python-django (openSUSE-SU-2012:0653-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4140"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-django", "cpe:/o:novell:opensuse:11.4"], "id": "OPENSUSE-2012-294.NASL", "href": "https://www.tenable.com/plugins/nessus/74633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-294.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74633);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n\n script_name(english:\"openSUSE Security Update : python-django (openSUSE-SU-2012:0653-1)\");\n script_summary(english:\"Check for the openSUSE-2012-294 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"python-django update version to 1.2.7 fixes several security issues\nincluding denial of service, CSRF and information leaks:\nhttps://www.djangoproject.com/weblog/2011/sep/10/127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=718045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00037.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.djangoproject.com/weblog/2011/sep/10/127/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"python-django-1.2.7-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"python-django\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-24T16:00:42", "description": "Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework :\n\n - CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session.\n\n - CVE-2011-4137, CVE-2011-4138 Django's field type URLfield by default checks supplied URL's by issuing a request to it, which doesn't time out. A Denial of Service is possible by supplying specially prepared URL's that keep the connection open indefinately or fill the Django's server memory.\n\n - CVE-2011-4139 Django used X-Forwarded-Host headers to construct full URL's. This header may not contain trusted input and could be used to poison the cache.\n\n - CVE-2011-4140 The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-31T00:00:00", "type": "nessus", "title": "Debian DSA-2332-1 : python-django - several issues", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4140"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python-django", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2332.NASL", "href": "https://www.tenable.com/plugins/nessus/56671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2332. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56671);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n script_bugtraq_id(49573);\n script_xref(name:\"DSA\", value:\"2332\");\n\n script_name(english:\"Debian DSA-2332-1 : python-django - several issues\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework :\n\n - CVE-2011-4136\n When using memory-based sessions and caching, Django\n sessions are stored directly in the root namespace of\n the cache. When user data is stored in the same cache, a\n remote user may take over a session.\n\n - CVE-2011-4137, CVE-2011-4138\n Django's field type URLfield by default checks supplied\n URL's by issuing a request to it, which doesn't time\n out. A Denial of Service is possible by supplying\n specially prepared URL's that keep the connection open\n indefinately or fill the Django's server memory.\n\n - CVE-2011-4139\n Django used X-Forwarded-Host headers to construct full\n URL's. 
This header may not contain trusted input and\n could be used to poison the cache.\n\n - CVE-2011-4140\n The CSRF protection mechanism in Django does not\n properly handle web-server configurations supporting\n arbitrary HTTP Host headers, which allows remote\n attackers to trigger unauthenticated forged requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/python-django\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2332\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python-django packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"python-django\", reference:\"1.0.2-1+lenny3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-django\", reference:\"1.2.3-3+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-django-doc\", reference:\"1.2.3-3+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T00:10:54", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2332-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nOctober 29, 2011 
http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : python-django\nVulnerability : several issues\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139 \n CVE-2011-4140 \nDebian Bug : 641405\n\nPaul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\nCVE-2011-4136\n\n When using memory-based sessions and caching, Django sessions are\n stored directly in the root namespace of the cache. When user data is\n stored in the same cache, a remote user may take over a session.\n\nCVE-2011-4137, CVE-2011-4138\n\n Django's field type URLfield by default checks supplied URL's by\n issuing a request to it, which doesn't time out. A Denial of Service\n is possible by supplying specially prepared URL's that keep the\n connection open indefinitely or fill the Django's server memory.\n\nCVE-2011-4139\n\n Django used X-Forwarded-Host headers to construct full URL's. 
This\n header may not contain trusted input and could be used to poison the\n cache.\n\nCVE-2011-4140\n\n The CSRF protection mechanism in Django does not properly handle\n web-server configurations supporting arbitrary HTTP Host headers,\n which allows remote attackers to trigger unauthenticated forged\n requests.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\n\nWe recommend that you upgrade your python-django packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-10-29T05:50:53", "type": "debian", "title": "[SECURITY] [DSA 2332-1] python-django security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4140"], "modified": "2011-10-29T05:50:53", "id": "DEBIAN:DSA-2332-1:3B784", "href": "https://lists.debian.org/debian-security-announce/2011/msg00209.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T18:53:59", "description": "PHP inclusions, SQL injections, directory 
traversals, cross-site scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2011-11-06T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-1359", "CVE-2011-4074", "CVE-2011-4137", "CVE-2011-2773", "CVE-2011-4140", "CVE-2011-2772", "CVE-2011-4138", "CVE-2011-4075", "CVE-2011-2688", "CVE-2011-2771", "CVE-2011-4139"], "modified": "2011-11-06T00:00:00", "id": "SECURITYVULNS:VULN:12022", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12022", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}