The Django development framework multiple security vulnerabilities-vulnerability warning-the black bar safety net

ID MYHACK58:62201131883
Type myhack58
Reporter 佚名
Modified 2011-09-21T00:00:00


Affected version:

Django 1.2.5 Django 1.3 beta 1 Django 1.2.4 Django 1.2.2 Django 1.2

Vulnerability description:

Django is an open source Web application framework made of Python written. Django there are multiple security vulnerabilities, allow an attacker to obtain sensitive information, manipulate data, cache Poison attacks or denial of service attacks. 1)when using a cache backend for django. contrib. sessions in the treatment sessions there is an error, may be utilized for operation of the session information. To be successful exploits need to known the session KEY and the application allows an attacker to use a valid session KEY to store the Dictionary of the class object to the buffer. 2)Django's model system includes a field type -- URLField –for check the value provided whether it is a legitimate URL, and if the Boolean keyword argument verify_exists is true, attempts to check the URL provided and parsing. By default, the underlying socket has no timeout set, an attacker could exploit this vulnerability by sending a specially-crafted URL to consume all the server memory, cause a denial of service attack. 3)When verification provided to the”URLField”field type the URLs processing the redirect response there is an error, the attacker can use this vulnerability to redirect the response back to the”file://” URL, you can determine on the server whether local files exist. 4)when generating a redirect response to the full path to the URL when processing the”X-Forwarded-Host” HTTP header there is an error, the attacker can use this vulnerability to cache Poison attack.