Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2011-0096.NASL
HistoryJan 14, 2011 - 12:00 a.m.

Fedora 13 : Django-1.2.4-1.fc13 (2011-0096)

2011-01-1400:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
JSON

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2011-0096.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(51512);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2010-4534", "CVE-2010-4535");
  script_xref(name:"FEDORA", value:"2011-0096");

  script_name(english:"Fedora 13 : Django-1.2.4-1.fc13 (2011-0096)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Mon Jan 3 2011 Steve 'Ashcrow' Milner <me at
    stevemilner.org> - 1.2.4-1

    - Update for multiple security issues (see
      http://www.djangoproject.com/weblog/2010/dec/22/securi
      ty/)

    - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at
      stevemilner.org> - 1.2.3-3

    - Now build docs for F12+

    - Added Django-remove-djangodocs-ext.patch

    - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at
      stevemilner.org> - 1.2.3-2

    - Moved to dirhtml for documentation generation

    - Mon Sep 13 2010 Steve 'Ashcrow' Milner <me at
      stevemilner.org> - 1.2.3-1

    - Update for
      http://www.djangoproject.com/weblog/2010/sep/10/123/

    - Thu Sep 9 2010 Steve 'Ashcrow' Milner <me at
      stevemilner.org> - 1.2.2-1

    - Update for CVE-2010-3082 (see
      http://www.djangoproject.com/weblog/2010/sep/08/securi
      ty-release/)

    - Removed Django-hash-compat-13310.patch as it is
      already included in this release

    - Wed Jul 21 2010 David Malcolm <dmalcolm at redhat.com>
      - 1.2.1-6

    - Rebuilt for
      https://fedoraproject.org/wiki/Features/Python_2.7/Mas
      sRebuild

    - Tue Jun 8 2010 Steve 'Ashcrow' Milner <stevem at
      gnulinux.net> - 1.2.1-5

    - Added
      http://code.djangoproject.com/changeset/13310?format=d
      iff&new=13310 per BZ#601212

    - Thu Jun 3 2010 Steve 'Ashcrow' Milner <stevem at
      gnulinux.net> - 1.2.1-4

    - Include egg in >= rhel6

    - Thu Jun 3 2010 Michel Salim <salimma at
      fedoraproject.org> - 1.2.1-3

    - Use generated %{name}.lang instead of including each
      locale file by hand

    - Temporarily make main package provide -doc on Rawhide,
      to fix upgrade path until upstream documentation
      builds with Sphinx 1.0

  - Thu May 27 2010 Steve 'Ashcrow' Milner <stevem at
    gnulinux.net> - 1.2.1-2

    - Allow for building docs in F13 as it's only F14
      freaking out

    - Tue May 25 2010 Steve 'Ashcrow' Milner <stevem at
      gnulinux.net> - 1.2.1-1

    - Update for new release.

    - Added lang files per BZ#584866.

    - Changed perms on
      %{python_sitelib}/django/contrib/admin/media/js/compre
      ss.py

    - Lots of explicit files listed in %files in order to
      reduce duplicate file listings

    - Docs are not built on F-13 for now

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://code.djangoproject.com/changeset/13310?format=diff&new=13310
  script_set_attribute(
    attribute:"see_also",
    value:"https://github.com/django/django/commit/adc9458541"
  );
  # http://www.djangoproject.com/weblog/2010/dec/22/security/
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.djangoproject.com/weblog/2010/dec/22/security/"
  );
  # http://www.djangoproject.com/weblog/2010/sep/08/security-release/
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.djangoproject.com/weblog/2010/sep/08/security-release/"
  );
  # http://www.djangoproject.com/weblog/2010/sep/10/123/
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.djangoproject.com/weblog/2010/sep/10/123/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=665373"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f21a156f"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected Django package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Django");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC13", reference:"Django-1.2.4-1.fc13")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Django");
}
VendorProductVersionCPE
fedoraprojectfedoradjangop-cpe:/a:fedoraproject:fedora:django
fedoraprojectfedora13cpe:/o:fedoraproject:fedora:13

Related

openvas 20
fedora 6
nessus 8
ubuntu 2
prion 3
debiancve 3
freebsd 1
ubuntucve 3
osv 6
securityvulns 2
github 3
cve 3
gitlab 3
openvas
openvas
Fedora Update for Django FEDORA-2011-0096
2011-01-14 00:00:00
Fedora Update for Django FEDORA-2011-0096
2011-01-14 00:00:00
Ubuntu Update for python-django vulnerabilities USN-1040-1
2011-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: Django-1.2.4-1.fc13
2011-01-13 23:28:26
[SECURITY] Fedora 14 Update: Django-1.2.4-1.fc14
2011-01-13 23:34:14
[SECURITY] Fedora 14 Update: Django-1.2.3-1.fc14
2010-09-23 12:57:33
nessus
nessus
Ubuntu 9.10 / 10.04 LTS / 10.10 : python-django vulnerabilities (USN-1040-1)
2011-01-07 00:00:00
FreeBSD : django -- multiple vulnerabilities (14a37474-1383-11e0-8a58-00215c6a37bb)
2010-12-30 00:00:00
Fedora 14 : Django-1.2.4-1.fc14 (2011-0120)
2011-01-14 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2011-01-07 00:00:00
Django vulnerability
2010-10-13 00:00:00
prion
prion
Cross site scripting
2010-09-14 19:00:00
Integer overflow
2011-01-10 20:00:00
Design/Logic Flaw
2011-01-10 20:00:00
debiancve
debiancve
CVE-2010-3082
2010-09-14 19:00:00
CVE-2010-4535
2011-01-10 20:00:00
CVE-2010-4534
2011-01-10 20:00:00
freebsd
freebsd
django -- cross-site scripting vulnerability
2010-09-13 00:00:00
ubuntucve
ubuntucve
CVE-2010-3082
2010-09-14 00:00:00
CVE-2010-4534
2010-12-22 00:00:00
CVE-2010-4535
2010-12-22 00:00:00
osv
osv
Cross-site scripting in django
2018-07-23 19:52:42
PYSEC-2010-12
2010-09-14 19:00:00
PYSEC-2011-8
2011-01-10 20:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2010-10-19 00:00:00
[USN-1004-1] Django vulnerability
2010-10-19 00:00:00
github
github
Moderate severity vulnerability that affects django
2018-07-23 19:51:40
Cross-site scripting in django
2018-07-23 19:52:42
Moderate severity vulnerability that affects django
2018-07-23 19:51:59
cve
cve
CVE-2010-4534
2011-01-10 20:00:00
CVE-2010-3082
2010-09-14 19:00:00
CVE-2010-4535
2011-01-10 20:00:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation
2018-07-23 00:00:00
Improper Input Validation
2018-07-23 00:00:00
Moderate severity vulnerability that affects django
2018-07-23 00:00:00
JSON
Related for FEDORA_2011-0096.NASL
openvas20fedora6nessus8ubuntu2prion3debiancve3freebsd1ubuntucve3osv6securityvulns2github3cve3gitlab3