Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2332.NASL
HistoryOct 31, 2011 - 12:00 a.m.

Debian DSA-2332-1 : python-django - several issues

2011-10-3100:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework :

  • CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session.

  • CVE-2011-4137, CVE-2011-4138 Django’s field type URLfield by default checks supplied URL’s by issuing a request to it, which doesn’t time out. A Denial of Service is possible by supplying specially prepared URL’s that keep the connection open indefinately or fill the Django’s server memory.

  • CVE-2011-4139 Django used X-Forwarded-Host headers to construct full URL’s. This header may not contain trusted input and could be used to poison the cache.

  • CVE-2011-4140 The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2332. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(56671);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4140");
  script_bugtraq_id(49573);
  script_xref(name:"DSA", value:"2332");

  script_name(english:"Debian DSA-2332-1 : python-django - several issues");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Paul McMillan, Mozilla and the Django core team discovered several
vulnerabilities in Django, a Python web framework :

  - CVE-2011-4136
    When using memory-based sessions and caching, Django
    sessions are stored directly in the root namespace of
    the cache. When user data is stored in the same cache, a
    remote user may take over a session.

  - CVE-2011-4137, CVE-2011-4138
    Django's field type URLfield by default checks supplied
    URL's by issuing a request to it, which doesn't time
    out. A Denial of Service is possible by supplying
    specially prepared URL's that keep the connection open
    indefinately or fill the Django's server memory.

  - CVE-2011-4139
    Django used X-Forwarded-Host headers to construct full
    URL's. This header may not contain trusted input and
    could be used to poison the cache.

  - CVE-2011-4140
    The CSRF protection mechanism in Django does not
    properly handle web-server configurations supporting
    arbitrary HTTP Host headers, which allows remote
    attackers to trigger unauthenticated forged requests."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641405"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-4136"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-4137"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-4138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-4139"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-4140"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/python-django"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2011/dsa-2332"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the python-django packages.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.0.2-1+lenny3.

For the stable distribution (squeeze), this problem has been fixed in
version 1.2.3-3+squeeze2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-django");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"5.0", prefix:"python-django", reference:"1.0.2-1+lenny3")) flag++;
if (deb_check(release:"6.0", prefix:"python-django", reference:"1.2.3-3+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"python-django-doc", reference:"1.2.3-3+squeeze2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxpython-djangop-cpe:/a:debian:debian_linux:python-django
debiandebian_linux5.0cpe:/o:debian:debian_linux:5.0
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Related

openvas 4
nessus 2
debian 1
osv 11
ubuntu 1
securityvulns 1
ubuntucve 5
gitlab 5
cve 5
debiancve 5
prion 5
github 5
openvas
openvas
Debian Security Advisory DSA 2332-1 (python-django)
2012-02-11 00:00:00
Debian: Security Advisory (DSA-2332-1)
2012-02-11 00:00:00
Ubuntu Update for python-django USN-1297-1
2011-12-09 00:00:00
nessus
nessus
openSUSE Security Update : python-django (openSUSE-SU-2012:0653-1)
2014-06-13 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : python-django vulnerabilities (USN-1297-1)
2011-12-09 00:00:00
debian
debian
[SECURITY] [DSA 2332-1] python-django security update
2011-10-29 05:50:53
osv
osv
python-django - several issues
2011-10-29 00:00:00
PYSEC-2011-3
2011-10-19 10:55:00
Django Might Allow CSRF Requests via URL Verification
2022-05-14 03:49:36
ubuntu
ubuntu
Django vulnerabilities
2011-12-09 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-11-06 00:00:00
ubuntucve
ubuntucve
CVE-2011-4138
2011-10-19 00:00:00
CVE-2011-4140
2011-10-19 00:00:00
CVE-2011-4136
2011-10-19 00:00:00
gitlab
gitlab
Improper Input Validation
2022-05-14 00:00:00
Improper Input Validation
2018-07-23 00:00:00
Cross-Site Request Forgery
2018-07-23 00:00:00
cve
cve
CVE-2011-4138
2011-10-19 10:55:00
CVE-2011-4136
2011-10-19 10:55:00
CVE-2011-4140
2011-10-19 10:55:00
debiancve
debiancve
CVE-2011-4138
2011-10-19 10:55:00
CVE-2011-4136
2011-10-19 10:55:00
CVE-2011-4140
2011-10-19 10:55:00
prion
prion
Design/Logic Flaw
2011-10-19 10:55:00
Design/Logic Flaw
2011-10-19 10:55:00
Cross site request forgery (csrf)
2011-10-19 10:55:00
github
github
Django Might Allow CSRF Requests via URL Verification
2022-05-14 03:49:36
Moderate severity vulnerability that affects django
2018-07-23 19:52:39
Moderate severity vulnerability that affects django
2018-07-23 19:51:19
JSON
Related for DEBIAN_DSA-2332.NASL
openvas4nessus2debian1osv11ubuntu1securityvulns1ubuntucve5gitlab5cve5debiancve5prion5github5