Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.DEBIAN_DLA-301.NASL
HistoryAug 27, 2015 - 12:00 a.m.

Debian DLA-301-1 : python-django security update

2015-08-2700:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
9
JSON

denial of service possibility in logout() view by filling session store

Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view (provided it wasn’t decorated with django.contrib.auth.decorators.login_required as done in the admin). This could allow an attacker to easily create many new session records by sending repeated requests, potentially filling up the session store or causing other users’ session records to be evicted.

The django.contrib.sessions.middleware.SessionMiddleware has been modified to no longer create empty session records.

This portion of the fix has been assigned CVE-2015-5963.

Additionally, the contrib.sessions.backends.base.SessionBase.flush() and cache_db.SessionStore.flush() methods have been modified to avoid creating a new empty session. Maintainers of third-party session backends should check if the same vulnerability is present in their backend and correct it if so.

This portion of the fix has been assigned CVE-2015-5964.

We recommend that you upgrade your python-django packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-301-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(85656);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-5963", "CVE-2015-5964");

  script_name(english:"Debian DLA-301-1 : python-django security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"denial of service possibility in logout() view by filling session
store

Previously, a session could be created when anonymously accessing the
django.contrib.auth.views.logout view (provided it wasn't decorated
with django.contrib.auth.decorators.login_required as done in the
admin). This could allow an attacker to easily create many new session
records by sending repeated requests, potentially filling up the
session store or causing other users' session records to be evicted.

The django.contrib.sessions.middleware.SessionMiddleware has been
modified to no longer create empty session records.

This portion of the fix has been assigned CVE-2015-5963.

Additionally, the contrib.sessions.backends.base.SessionBase.flush()
and cache_db.SessionStore.flush() methods have been modified to avoid
creating a new empty session. Maintainers of third-party session
backends should check if the same vulnerability is present in their
backend and correct it if so.

This portion of the fix has been assigned CVE-2015-5964.

We recommend that you upgrade your python-django packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/08/msg00016.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/python-django"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the affected python-django, and python-django-doc packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-django");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-django-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"python-django", reference:"1.2.3-3+squeeze14")) flag++;
if (deb_check(release:"6.0", prefix:"python-django-doc", reference:"1.2.3-3+squeeze14")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxpython-djangop-cpe:/a:debian:debian_linux:python-django
debiandebian_linuxpython-django-docp-cpe:/a:debian:debian_linux:python-django-doc
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Related

nessus 8
debian 2
redhat 4
osv 4
securityvulns 2
openvas 6
freebsd 1
mageia 1
ubuntu 1
fedora 2
altlinux 2
github 1
debiancve 2
archlinux 1
ubuntucve 2
prion 2
cve 2
veracode 1
nessus
nessus
FreeBSD : django -- multiple vulnerabilities (b0e54dc1-45d2-11e5-adde-14dae9d210b8)
2015-08-19 00:00:00
Ubuntu 14.04 LTS : Django vulnerability (USN-2720-1)
2015-08-19 00:00:00
RHEL 7 : python-django (RHSA-2015:1894)
2024-04-21 00:00:00
debian
debian
[SECURITY] [DLA 301-1] python-django security update
2015-08-26 17:54:13
[SECURITY] [DSA 3338-1] python-django security update
2015-08-18 18:27:49
redhat
redhat
(RHSA-2015:1767) Moderate: python-django security update
2015-09-10 00:00:00
(RHSA-2015:1894) Moderate: python-django security update
2015-10-15 00:00:00
(RHSA-2015:1766) Moderate: python-django security update
2015-09-10 11:40:42
osv
osv
python-django - security update
2015-08-26 00:00:00
PYSEC-2015-22
2015-08-24 14:59:00
Django denial of service via empty session record creation
2022-05-17 00:36:02
securityvulns
securityvulns
[USN-2720-1] Django vulnerability
2015-08-24 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-08-24 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-301-1)
2023-03-08 00:00:00
Ubuntu: Security Advisory (USN-2720-1)
2015-08-20 00:00:00
Debian Security Advisory DSA 3338-1 (python-django - security update)
2015-08-18 00:00:00
freebsd
freebsd
django -- multiple vulnerabilities
2015-08-18 00:00:00
mageia
mageia
Updated python-django and python-django14 packages fix security vulnerabilities
2015-08-27 23:49:46
ubuntu
ubuntu
Django vulnerability
2015-08-18 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: python-django-1.8.7-1.fc22
2015-12-31 01:53:36
[SECURITY] Fedora 23 Update: python-django-1.8.6-1.fc23
2015-11-19 10:11:46
altlinux
altlinux
Security fix for the ALT Linux 10 package python3-module-django version 1.8.5-alt1
2015-10-13 00:00:00
Security fix for the ALT Linux 9 package python3-module-django version 1.8.5-alt1
2015-10-13 00:00:00
github
github
Django denial of service via empty session record creation
2022-05-17 00:36:02
debiancve
debiancve
CVE-2015-5963
2015-08-24 14:59:00
CVE-2015-5964
2015-08-24 14:59:00
archlinux
archlinux
python-django, python2-django: denial of service
2015-08-25 00:00:00
ubuntucve
ubuntucve
CVE-2015-5963
2015-08-18 00:00:00
CVE-2015-5964
2015-08-18 00:00:00
prion
prion
Code injection
2015-08-24 14:59:00
Session fixation
2015-08-24 14:59:00
cve
cve
CVE-2015-5963
2015-08-24 14:59:00
CVE-2015-5964
2015-08-24 14:59:00
veracode
veracode
Denial Of Service (DoS) Session Store Consumption Or Session Record Removal
2019-01-15 09:07:44
JSON
Related for DEBIAN_DLA-301.NASL
nessus8debian2redhat4osv4securityvulns2openvas6freebsd1mageia1ubuntu1fedora2altlinux2github1debiancve2archlinux1ubuntucve2prion2cve2veracode1