Moderate severity vulnerability that affects django
Published: 2018-07-23T19:51:19
ID: GHSA-H95J-H2RV-QRG4
Type: github
Reporter: GitHub Advisory Database
Modified: 2019-07-03T21:02:01

Description
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.
{"id": "GHSA-H95J-H2RV-QRG4", "bulletinFamily": "software", "title": "Moderate severity vulnerability that affects django", "description": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.", "published": "2018-07-23T19:51:19", "modified": "2019-07-03T21:02:01", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://github.com/advisories/GHSA-h95j-h2rv-qrg4", "reporter": "GitHub Advisory Database", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2011-4140", "https://github.com/advisories/GHSA-h95j-h2rv-qrg4"], "cvelist": ["CVE-2011-4140"], "type": "github", "lastseen": "2020-03-10T23:26:15", "edition": 2, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4140"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231070548", "OPENVAS:70548"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2332.NASL", "OPENSUSE-2012-294.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2332-1:3B784"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12022"]}, {"type": "github", "idList": ["GHSA-H95J-H2RV-QRG4"]}], "modified": "2020-03-10T23:26:15", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2020-03-10T23:26:15", "rev": 2}, "vulnersScore": 6.6}, "affectedSoftware": [{"name": "django", "operator": "lt", "version": "1.3.1"}, {"name": "django", "operator": "lt", "version": "1.2.7"}], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:39:11", "description": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.", "edition": 5, "cvss3": {}, "published": "2011-10-19T10:55:00", "title": "CVE-2011-4140", "type": "cve", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4140"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:djangoproject:django:1.3", "cpe:/a:djangoproject:django:1.2.1", "cpe:/a:djangoproject:django:1.0", "cpe:/a:djangoproject:django:1.2.3", "cpe:/a:djangoproject:django:1.1.3", "cpe:/a:djangoproject:django:1.1.0", "cpe:/a:djangoproject:django:1.2", "cpe:/a:djangoproject:django:1.2.5", "cpe:/a:djangoproject:django:0.95.1", "cpe:/a:djangoproject:django:1.2.2", "cpe:/a:djangoproject:django:1.1.2", "cpe:/a:djangoproject:django:1.2.6", "cpe:/a:djangoproject:django:0.95", "cpe:/a:djangoproject:django:1.0.2", "cpe:/a:djangoproject:django:0.91", "cpe:/a:djangoproject:django:1.1", "cpe:/a:djangoproject:django:1.0.1", "cpe:/a:djangoproject:django:1.2.4", "cpe:/a:djangoproject:django:0.96"], "id": "CVE-2011-4140", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4140", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:50:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4140", "CVE-2011-4138", "CVE-2011-4139"], "description": "The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:70548", "href": "http://plugins.openvas.org/nasl.php?oid=70548", "type": "openvas", "title": "Debian Security Advisory DSA 2332-1 (python-django)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2332_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2332-1 (python-django)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\nCVE-2011-4136\n\nWhen using memory-based sessions and caching, Django sessions are\nstored directly in the root namespace of the cache. When user data is\nstored in the same cache, a remote user may take over a session.\n\nCVE-2011-4137, CVE-2011-4138\n\nDjango's field type URLfield by default checks supplied URL's by\nissuing a request to it, which doesn't time out. A Denial of Service\nis possible by supplying specially prepared URL's that keep the\nconnection open indefinitely or fill the Django's server memory.\n\nCVE-2011-4139\n\nDjango used X-Forwarded-Host headers to construct full URL's. 
This\nheader may not contain trusted input and could be used to poison the\ncache.\n\nCVE-2011-4140\n\nThe CSRF protection mechanism in Django does not properly handle\nweb-server configurations supporting arbitrary HTTP Host headers,\nwhich allows remote attackers to trigger unauthenticated forged\nrequests.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\n\nWe recommend that you upgrade your python-django packages.\";\ntag_summary = \"The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202332-1\";\n\nif(description)\n{\n script_id(70548);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:22 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2332-1 (python-django)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.0.2-1+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4140", "CVE-2011-4138", "CVE-2011-4139"], "description": "The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070548", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070548", "type": "openvas", "title": "Debian Security Advisory DSA 2332-1 (python-django)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2332_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2332-1 (python-django)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 
E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70548\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:22 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2332-1 (python-django)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202332-1\");\n script_tag(name:\"insight\", value:\"Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\nCVE-2011-4136\n\nWhen using memory-based sessions and caching, Django sessions are\nstored directly in the root namespace of the cache. When user data is\nstored in the same cache, a remote user may take over a session.\n\nCVE-2011-4137, CVE-2011-4138\n\nDjango's field type URLfield by default checks supplied URL's by\nissuing a request to it, which doesn't time out. A Denial of Service\nis possible by supplying specially prepared URL's that keep the\nconnection open indefinitely or fill the Django's server memory.\n\nCVE-2011-4139\n\nDjango used X-Forwarded-Host headers to construct full URL's. 
This\nheader may not contain trusted input and could be used to poison the\ncache.\n\nCVE-2011-4140\n\nThe CSRF protection mechanism in Django does not properly handle\nweb-server configurations supporting arbitrary HTTP Host headers,\nwhich allows remote attackers to trigger unauthenticated forged\nrequests.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your python-django packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.0.2-1+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:30:13", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4140", "CVE-2011-4138", "CVE-2011-4139"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2332-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nOctober 29, 2011 
http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : python-django\nVulnerability : several issues\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139 \n CVE-2011-4140 \nDebian Bug : 641405\n\nPaul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\nCVE-2011-4136\n\n When using memory-based sessions and caching, Django sessions are\n stored directly in the root namespace of the cache. When user data is\n stored in the same cache, a remote user may take over a session.\n\nCVE-2011-4137, CVE-2011-4138\n\n Django's field type URLfield by default checks supplied URL's by\n issuing a request to it, which doesn't time out. A Denial of Service\n is possible by supplying specially prepared URL's that keep the\n connection open indefinately or fill the Django's server memory.\n\nCVE-2011-4139\n\n Django used X-Forwarded-Host headers to construct full URL's. 
This\n header may not contain trusted input and could be used to poison the\n cache.\n\nCVE-2011-4140\n\n The CSRF protection mechanism in Django does not properly handle\n web-server configurations supporting arbitrary HTTP Host headers,\n which allows remote attackers to trigger unauthenticated forged\n requests.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\n\nWe recommend that you upgrade your python-django packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2011-10-29T05:51:20", "published": "2011-10-29T05:51:20", "id": "DEBIAN:DSA-2332-1:3B784", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00209.html", "title": "[SECURITY] [DSA 2332-1] python-django security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T09:47:05", "description": "Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework :\n\n - CVE-2011-4136\n When using memory-based sessions and caching, Django\n sessions are stored directly in the root namespace of\n the cache. When user data is stored in the same cache, a\n remote user may take over a session.\n\n - CVE-2011-4137, CVE-2011-4138\n Django's field type URLfield by default checks supplied\n URL's by issuing a request to it, which doesn't time\n out. 
A Denial of Service is possible by supplying\n specially prepared URL's that keep the connection open\n indefinately or fill the Django's server memory.\n\n - CVE-2011-4139\n Django used X-Forwarded-Host headers to construct full\n URL's. This header may not contain trusted input and\n could be used to poison the cache.\n\n - CVE-2011-4140\n The CSRF protection mechanism in Django does not\n properly handle web-server configurations supporting\n arbitrary HTTP Host headers, which allows remote\n attackers to trigger unauthenticated forged requests.", "edition": 17, "published": "2011-10-31T00:00:00", "title": "Debian DSA-2332-1 : python-django - several issues", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4140", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2011-10-31T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:python-django"], "id": "DEBIAN_DSA-2332.NASL", "href": "https://www.tenable.com/plugins/nessus/56671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2332. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56671);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n script_bugtraq_id(49573);\n script_xref(name:\"DSA\", value:\"2332\");\n\n script_name(english:\"Debian DSA-2332-1 : python-django - several issues\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework :\n\n - CVE-2011-4136\n When using memory-based sessions and caching, Django\n sessions are stored directly in the root namespace of\n the cache. When user data is stored in the same cache, a\n remote user may take over a session.\n\n - CVE-2011-4137, CVE-2011-4138\n Django's field type URLfield by default checks supplied\n URL's by issuing a request to it, which doesn't time\n out. A Denial of Service is possible by supplying\n specially prepared URL's that keep the connection open\n indefinately or fill the Django's server memory.\n\n - CVE-2011-4139\n Django used X-Forwarded-Host headers to construct full\n URL's. 
This header may not contain trusted input and\n could be used to poison the cache.\n\n - CVE-2011-4140\n The CSRF protection mechanism in Django does not\n properly handle web-server configurations supporting\n arbitrary HTTP Host headers, which allows remote\n attackers to trigger unauthenticated forged requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/python-django\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2332\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python-django packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"python-django\", reference:\"1.0.2-1+lenny3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-django\", reference:\"1.2.3-3+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-django-doc\", reference:\"1.2.3-3+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:25:09", "description": "python-django update version to 1.2.7 fixes several security issues\nincluding denial of service, CSRF and information leaks:\nhttps://www.djangoproject.com/weblog/2011/sep/10/127/", "edition": 19, "published": 
"2014-06-13T00:00:00", "title": "openSUSE Security Update : python-django (openSUSE-SU-2012:0653-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4140", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:python-django"], "id": "OPENSUSE-2012-294.NASL", "href": "https://www.tenable.com/plugins/nessus/74633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-294.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74633);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n\n script_name(english:\"openSUSE Security Update : python-django (openSUSE-SU-2012:0653-1)\");\n script_summary(english:\"Check for the openSUSE-2012-294 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"python-django update version to 1.2.7 fixes several security issues\nincluding denial of service, CSRF and information leaks:\nhttps://www.djangoproject.com/weblog/2011/sep/10/127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=718045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.djangoproject.com/weblog/2011/sep/10/127/\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\"Update the affected python-django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"python-django-1.2.7-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-django\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:44", 
"bulletinFamily": "software", "cvelist": ["CVE-2011-4136", "CVE-2011-1359", "CVE-2011-4074", "CVE-2011-4137", "CVE-2011-2773", "CVE-2011-4140", "CVE-2011-2772", "CVE-2011-4138", "CVE-2011-4075", "CVE-2011-2688", "CVE-2011-2771", "CVE-2011-4139"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2011-11-06T00:00:00", "published": "2011-11-06T00:00:00", "id": "SECURITYVULNS:VULN:12022", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12022", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}