ID FEDORA_2011-0120.NASL Type nessus Reporter This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2011-01-14T00:00:00
Description
- Mon Jan 3 2011 Steve 'Ashcrow' Milner <me at stevemilner.org> - 1.2.4-1
  - Update for multiple security issues (see http://www.djangoproject.com/weblog/2010/dec/22/security/)
- Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at stevemilner.org> - 1.2.3-3
  - Now build docs for F12+
  - Added Django-remove-djangodocs-ext.patch
- Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at stevemilner.org> - 1.2.3-2
  - Moved to dirhtml for documentation generation
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-0120.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata registration. This branch runs only when `description` is true:
# it declares the plugin's identity, references and scheduling requirements,
# then leaves through exit(0) below without performing the package check.
if (description)
{
script_id(51513);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
# Advisory identifiers a finding from this plugin maps to: two CVEs and the
# Fedora advisory number.
script_cve_id("CVE-2010-4534", "CVE-2010-4535");
script_xref(name:"FEDORA", value:"2011-0120");
# The name carries the fixed package build (Django-1.2.4-1.fc14); the check
# logic after this block passes the same string to rpm_check().
script_name(english:"Fedora 14 : Django-1.2.4-1.fc14 (2011-0120)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
# The description is the package changelog taken from the Fedora advisory.
# It names no CVE and gives no impact statement; the advisory URL inside it
# is split across two lines by the extraction ("securi" / "ty/").
script_set_attribute(
attribute:"description",
value:
" - Mon Jan 3 2011 Steve 'Ashcrow' Milner <me at
stevemilner.org> - 1.2.4-1
- Update for multiple security issues (see
http://www.djangoproject.com/weblog/2010/dec/22/securi
ty/)
- Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at
stevemilner.org> - 1.2.3-3
- Now build docs for F12+
- Added Django-remove-djangodocs-ext.patch
- Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at
stevemilner.org> - 1.2.3-2
- Moved to dirhtml for documentation generation
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
# http://www.djangoproject.com/weblog/2010/dec/22/security/
# (upstream Django security announcement; registered below in its https form)
script_set_attribute(
attribute:"see_also",
value:"https://www.djangoproject.com/weblog/2010/dec/22/security/"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=665373"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html
# NOTE(review): the short link registered below presumably resolves to the
# package-announce URL in the comment above -- confirm before relying on it.
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?0d77b166"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected Django package."
);
# CVSS v2 base vector with C:N/I:N/A:P, i.e. only an availability impact is
# scored. Of the two CVEs registered above, CVE-2010-4534 is described as an
# information disclosure through the admin interface, which this vector does
# not express; weigh that separately when prioritising the finding.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
# "local": the check works from data collected on the host (see the KB keys
# required below) rather than from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Django");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
script_set_attribute(attribute:"patch_publication_date", value:"2011/01/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/14");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
# NOTE(review): ssh_get_info.nasl is presumably the plugin that fills the
# Host/* KB entries required below -- confirm against that plugin.
script_dependencies("ssh_get_info.nasl");
# KB entries this plugin requires; the check logic after this block reads the
# same three keys again before comparing package versions.
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
# End of registration: nothing past this point runs in description mode.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check phase: decide from the host's collected package data whether the
# Django update from Fedora advisory 2011-0120 is missing.
#
# Each gate below calls audit() (from audit.inc, not shown here). The code
# that follows each gate relies on audit() ending the script -- for example,
# the eregmatch() result is indexed right after its null check.

# Gate 1: local checks must be enabled, otherwise there is no package data.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the release string must identify Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Gate 3: extract the numeric release; only Fedora 14 is in scope.
ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(ver_match))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = ver_match[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
}

# Gate 4: an RPM list must have been collected from the host.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: only x86_64 and i386-i686 are handled. A Fedora 14 host on any
# other architecture is audited out here and produces no finding, which is
# not the same as "not affected".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}

# Package comparison against the fixed build. This is a version check only:
# a hit says the installed Django RPM is behind Django-1.2.4-1.fc14
# (presumably -- rpm_check() lives in rpm.inc), not that the admin interface
# or the password-reset view is actually exposed on this host.
flag = 0;
if (rpm_check(release:"FC14", reference:"Django-1.2.4-1.fc14"))
{
  flag++;
}

if (!flag)
{
  # No hit: report which packages were compared, or that Django is absent.
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "Django");
  }
}
else
{
  # Hit: raise the finding on port 0, attaching the rpm report when the
  # scan's verbosity asks for detail.
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:rpm_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
{"id": "FEDORA_2011-0120.NASL", "bulletinFamily": "scanner", "title": "Fedora 14 : Django-1.2.4-1.fc14 (2011-0120)", "description": " - Mon Jan 3 2011 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.4-1\n\n - Update for multiple security issues (see\n http://www.djangoproject.com/weblog/2010/dec/22/securi\n ty/)\n\n - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-3\n\n - Now build docs for F12+\n\n - Added Django-remove-djangodocs-ext.patch\n\n - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-2\n\n - Moved to dirhtml for documentation generation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2011-01-14T00:00:00", "modified": "2011-01-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/51513", "reporter": "This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://www.djangoproject.com/weblog/2010/dec/22/security/", "https://bugzilla.redhat.com/show_bug.cgi?id=665373", "http://www.nessus.org/u?0d77b166"], "cvelist": ["CVE-2010-4534", "CVE-2010-4535"], "type": "nessus", "lastseen": "2021-01-12T10:08:56", "edition": 26, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-4535", "CVE-2010-4534"]}, {"type": "ubuntu", "idList": ["USN-1040-1"]}, {"type": "openvas", "idList": ["OPENVAS:862795", "OPENVAS:862786", "OPENVAS:840560", "OPENVAS:136141256231068824", "OPENVAS:68824", "OPENVAS:1361412562310862795", "OPENVAS:1361412562310862786", "OPENVAS:1361412562310840560"]}, {"type": "nessus", "idList": ["FEDORA_2011-0096.NASL", "FREEBSD_PKG_14A37474138311E08A5800215C6A37BB.NASL", "UBUNTU_USN-1040-1.NASL"]}, {"type": "fedora", "idList": ["FEDORA:97B6511050A", "FEDORA:099D5110856"]}, {"type": "github", "idList": ["GHSA-7WPH-FC4W-WQP2", "GHSA-FWR5-Q9RX-294F"]}], "modified": "2021-01-12T10:08:56", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-01-12T10:08:56", "rev": 2}, "vulnersScore": 4.4}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0120.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51513);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4534\", \"CVE-2010-4535\");\n script_xref(name:\"FEDORA\", value:\"2011-0120\");\n\n script_name(english:\"Fedora 14 : Django-1.2.4-1.fc14 (2011-0120)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\" - Mon Jan 3 2011 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.4-1\n\n - Update for multiple security issues (see\n http://www.djangoproject.com/weblog/2010/dec/22/securi\n ty/)\n\n - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-3\n\n - Now build docs for F12+\n\n - Added Django-remove-djangodocs-ext.patch\n\n - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-2\n\n - Moved to dirhtml for documentation generation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.djangoproject.com/weblog/2010/dec/22/security/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.djangoproject.com/weblog/2010/dec/22/security/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=665373\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d77b166\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"Django-1.2.4-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Django\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "51513", "cpe": ["p-cpe:/a:fedoraproject:fedora:Django", "cpe:/o:fedoraproject:fedora:14"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:34:44", "description": "The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.", "edition": 5, "cvss3": {}, "published": "2011-01-10T20:00:00", "title": "CVE-2010-4534", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4534"], "modified": "2011-01-20T06:46:00", "cpe": ["cpe:/a:djangoproject:django:1.3", "cpe:/a:djangoproject:django:1.2.1", "cpe:/a:djangoproject:django:1.0", "cpe:/a:djangoproject:django:1.2.3", "cpe:/a:djangoproject:django:1.1.0", "cpe:/a:djangoproject:django:1.2", "cpe:/a:djangoproject:django:0.95.1", "cpe:/a:djangoproject:django:1.2.2", "cpe:/a:djangoproject:django:1.1.2", "cpe:/a:djangoproject:django:0.95", "cpe:/a:djangoproject:django:1.0.2", "cpe:/a:djangoproject:django:0.91", "cpe:/a:djangoproject:django:1.1", "cpe:/a:djangoproject:django:1.0.1", "cpe:/a:djangoproject:django:0.96"], "id": "CVE-2010-4534", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4534", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", 
"cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:44", "description": "The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.", "edition": 5, "cvss3": {}, "published": "2011-01-10T20:00:00", "title": "CVE-2010-4535", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4535"], "modified": "2011-01-20T06:46:00", "cpe": ["cpe:/a:djangoproject:django:1.3", "cpe:/a:djangoproject:django:1.2.1", "cpe:/a:djangoproject:django:1.0", "cpe:/a:djangoproject:django:1.2.3", 
"cpe:/a:djangoproject:django:1.1.0", "cpe:/a:djangoproject:django:1.2", "cpe:/a:djangoproject:django:0.95.1", "cpe:/a:djangoproject:django:1.2.2", "cpe:/a:djangoproject:django:1.1.2", "cpe:/a:djangoproject:django:0.95", "cpe:/a:djangoproject:django:1.0.2", "cpe:/a:djangoproject:django:0.91", "cpe:/a:djangoproject:django:1.1", "cpe:/a:djangoproject:django:1.0.1", "cpe:/a:djangoproject:django:0.96"], "id": "CVE-2010-4535", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4535", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:20:32", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4534", "CVE-2010-4535"], "description": "Adam Baldwin discovered that Django did not properly validate query string \nlookups. This could be exploited to provide an information leak to an \nattacker with admin privilieges. (CVE-2010-4534)\n\nPaul McMillan discovered that Django did not validate the length of the \ntoken used when generating a password reset. An attacker could exploit \nthis to cause a denial of service via resource exhaustion. 
(CVE-2010-4535)", "edition": 5, "modified": "2011-01-07T00:00:00", "published": "2011-01-07T00:00:00", "id": "USN-1040-1", "href": "https://ubuntu.com/security/notices/USN-1040-1", "title": "Django vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:39:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4534", "CVE-2010-4535"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1040-1", "modified": "2019-03-13T00:00:00", "published": "2011-01-11T00:00:00", "id": "OPENVAS:1361412562310840560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840560", "type": "openvas", "title": "Ubuntu Update for python-django vulnerabilities USN-1040-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1040_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for python-django vulnerabilities USN-1040-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1040-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840560\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"USN\", value:\"1040-1\");\n script_cve_id(\"CVE-2010-4534\", \"CVE-2010-4535\");\n script_name(\"Ubuntu Update for python-django vulnerabilities USN-1040-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1040-1\");\n script_tag(name:\"affected\", value:\"python-django vulnerabilities on Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Adam Baldwin discovered that Django did not properly validate query string\n lookups. This could be exploited to provide an information leak to an\n attacker with admin privilieges. 
(CVE-2010-4534)\n\n Paul McMillan discovered that Django did not validate the length of the\n token used when generating a password reset. An attacker could exploit\n this to cause a denial of service via resource exhaustion. (CVE-2010-4535)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.1.1-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.1.1-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.2.3-1ubuntu0.2.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-1ubuntu0.2.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.1.1-2ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.1.1-2ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4534", "CVE-2010-4535"], "description": "The remote host is missing an update for the ", "modified": 
"2019-03-15T00:00:00", "published": "2011-01-14T00:00:00", "id": "OPENVAS:1361412562310862795", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862795", "type": "openvas", "title": "Fedora Update for Django FEDORA-2011-0120", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for Django FEDORA-2011-0120\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862795\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-0120\");\n script_cve_id(\"CVE-2010-4534\", \"CVE-2010-4535\");\n script_name(\"Fedora Update 
for Django FEDORA-2011-0120\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Django'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"Django on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"Django\", rpm:\"Django~1.2.4~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4534", "CVE-2010-4535"], "description": "Check for the Version of Django", "modified": "2017-07-10T00:00:00", "published": "2011-01-14T00:00:00", "id": "OPENVAS:862795", "href": "http://plugins.openvas.org/nasl.php?oid=862795", "type": "openvas", "title": "Fedora Update for Django FEDORA-2011-0120", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for Django FEDORA-2011-0120\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"Django on Fedora 14\";\ntag_insight = \"Django is a high-level Python Web framework that encourages rapid\n development and a clean, pragmatic design. It focuses on automating as\n much as possible and adhering to the DRY (Don't Repeat Yourself)\n principle.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053072.html\");\n script_id(862795);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-0120\");\n script_cve_id(\"CVE-2010-4534\", \"CVE-2010-4535\");\n script_name(\"Fedora Update for Django FEDORA-2011-0120\");\n\n script_summary(\"Check for the Version of Django\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"Django\", rpm:\"Django~1.2.4~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:26:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4534", "CVE-2010-4535"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1040-1", "modified": "2017-12-01T00:00:00", "published": "2011-01-11T00:00:00", "id": "OPENVAS:840560", "href": "http://plugins.openvas.org/nasl.php?oid=840560", "type": "openvas", "title": "Ubuntu Update for python-django vulnerabilities USN-1040-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1040_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for python-django vulnerabilities USN-1040-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Adam Baldwin discovered that Django did not properly validate query string\n lookups. This could be exploited to provide an information leak to an\n attacker with admin privilieges. (CVE-2010-4534)\n\n Paul McMillan discovered that Django did not validate the length of the\n token used when generating a password reset. An attacker could exploit\n this to cause a denial of service via resource exhaustion. (CVE-2010-4535)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1040-1\";\ntag_affected = \"python-django vulnerabilities on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1040-1/\");\n script_id(840560);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-11 16:07:49 +0100 (Tue, 11 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1040-1\");\n script_cve_id(\"CVE-2010-4534\", \"CVE-2010-4535\");\n script_name(\"Ubuntu Update for python-django vulnerabilities USN-1040-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.1.1-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.1.1-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.2.3-1ubuntu0.2.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-1ubuntu0.2.10.10.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.1.1-2ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.1.1-2ubuntu1.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": 
"2019-05-29T18:39:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3082", "CVE-2010-4534", "CVE-2010-4535"], "description": "The remote host is missing an update for the 'Django' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-01-14T00:00:00", "id": "OPENVAS:1361412562310862786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862786", "type": "openvas", "title": "Fedora Update for Django FEDORA-2011-0096", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for Django FEDORA-2011-0096\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862786\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-0096\");\n script_cve_id(\"CVE-2010-3082\", \"CVE-2010-4534\", \"CVE-2010-4535\");\n script_name(\"Fedora Update for Django FEDORA-2011-0096\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Django'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"Django on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"Django\", rpm:\"Django~1.2.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3082", "CVE-2010-4534", "CVE-2010-4535"], "description": "Check for the Version of Django", "modified": "2017-07-10T00:00:00", "published": "2011-01-14T00:00:00", "id": "OPENVAS:862786", "href": "http://plugins.openvas.org/nasl.php?oid=862786", "type": "openvas", "title": "Fedora Update for Django FEDORA-2011-0096", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for Django FEDORA-2011-0096\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"Django on Fedora 13\";\ntag_insight = \"Django is a high-level Python Web framework that encourages rapid\n development and a clean, pragmatic design. 
It focuses on automating as\n much as possible and adhering to the DRY (Don't Repeat Yourself)\n principle.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html\");\n script_id(862786);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-0096\");\n script_cve_id(\"CVE-2010-3082\", \"CVE-2010-4534\", \"CVE-2010-4535\");\n script_name(\"Fedora Update for Django FEDORA-2011-0096\");\n\n script_summary(\"Check for the Version of Django\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"Django\", rpm:\"Django~1.2.4~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, 
{"lastseen": "2019-05-29T18:40:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4534"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:136141256231068824", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068824", "type": "openvas", "title": "django -- multiple vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_py23-django3.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 14a37474-1383-11e0-8a58-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68824\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2010-4534\");\n script_bugtraq_id(45562, 45563);\n script_name(\"django -- multiple vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n py23-django\n py24-django\n py25-django\n py26-django\n py27-django\n py30-django\n py31-django\n py23-django-devel\n py24-django-devel\n py25-django-devel\n py26-django-devel\n py27-django-devel\n py30-django-devel\n py31-django-devel\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=665373\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/42715/\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/14a37474-1383-11e0-8a58-00215c6a37bb.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"py23-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py23-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py23-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py24-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py24-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 
TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py24-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py25-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py25-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py25-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py26-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py26-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py26-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py27-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py27-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py27-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py30-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py30-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py30-django version ' + bver + ' is installed which is known to be 
vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py31-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py31-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py31-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py23-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py23-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py24-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py24-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py25-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py25-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py26-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py26-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py27-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py27-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py30-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py30-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"py31-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py31-django-devel version ' + 
bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:13:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4534"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:68824", "href": "http://plugins.openvas.org/nasl.php?oid=68824", "type": "openvas", "title": "django -- multiple vulnerabilities", "sourceData": "#\n#VID 14a37474-1383-11e0-8a58-00215c6a37bb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 14a37474-1383-11e0-8a58-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n py23-django\n py24-django\n py25-django\n py26-django\n py27-django\n py30-django\n py31-django\n py23-django-devel\n py24-django-devel\n py25-django-devel\n py26-django-devel\n py27-django-devel\n py30-django-devel\n py31-django-devel\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=665373\nhttp://secunia.com/advisories/42715/\nhttp://www.vuxml.org/freebsd/14a37474-1383-11e0-8a58-00215c6a37bb.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(68824);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2010-4534\");\n script_bugtraq_id(45562,45563);\n script_name(\"django -- multiple vulnerabilities\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"py23-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py23-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py23-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py24-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py24-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py24-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py25-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py25-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py25-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py26-django\");\nif(!isnull(bver) 
&& revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py26-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py26-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py27-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py27-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py27-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py30-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py30-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py30-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py31-django\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2\")>0 && revcomp(a:bver, b:\"1.2.4\")<0) {\n txt += 'Package py31-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1\")>0 && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package py31-django version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py23-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py23-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = 
portver(pkg:\"py24-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py24-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py25-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py25-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py26-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py26-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py27-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py27-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py30-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py30-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"py31-django-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"15032,1\")<0) {\n txt += 'Package py31-django-devel version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-07T10:40:01", "description": "Django project reports :\n\nToday the Django team is issuing multiple releases -- Django 1.2.4,\nDjango 1.1.3 and Django 1.3 beta 1 -- to remedy two security issues\nreported to us. All users of affected versions of Django are urged to\nupgrade immediately. 
Information leakage in Django administrative\ninterface The Django administrative interface, django.contrib.admin\nsupports filtering of displayed lists of objects by fields on the\ncorresponding models, including across database-level relationships.\nThis is implemented by passing lookup arguments in the querystring\nportion of the URL, and options on the ModelAdmin class allow\ndevelopers to specify particular fields or relationships which will\ngenerate automatic links for filtering. Denial-of-service attack in\npassword-reset mechanism Django's bundled authentication framework,\ndjango.contrib.auth, offers views which allow users to reset a\nforgotten password. The reset mechanism involves generating a one-time\ntoken composed from the user's ID, the timestamp of the reset request\nconverted to a base36 integer, and a hash derived from the user's\ncurrent password hash (which will change once the reset is complete,\nthus invalidating the token).", "edition": 25, "published": "2010-12-30T00:00:00", "title": "FreeBSD : django -- multiple vulnerabilities (14a37474-1383-11e0-8a58-00215c6a37bb)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4534", "CVE-2010-4535"], "modified": "2010-12-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:py23-django", "p-cpe:/a:freebsd:freebsd:py26-django", "p-cpe:/a:freebsd:freebsd:py24-django", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:py27-django", "p-cpe:/a:freebsd:freebsd:py25-django", "p-cpe:/a:freebsd:freebsd:py31-django", "p-cpe:/a:freebsd:freebsd:py25-django-devel", "p-cpe:/a:freebsd:freebsd:py24-django-devel", "p-cpe:/a:freebsd:freebsd:py30-django", "p-cpe:/a:freebsd:freebsd:py30-django-devel", "p-cpe:/a:freebsd:freebsd:py23-django-devel", "p-cpe:/a:freebsd:freebsd:py31-django-devel", "p-cpe:/a:freebsd:freebsd:py26-django-devel", "p-cpe:/a:freebsd:freebsd:py27-django-devel"], "id": "FREEBSD_PKG_14A37474138311E08A5800215C6A37BB.NASL", "href": "https://www.tenable.com/plugins/nessus/51393", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51393);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-4534\", \"CVE-2010-4535\");\n script_bugtraq_id(45562, 45563);\n script_xref(name:\"Secunia\", value:\"42715\");\n\n script_name(english:\"FreeBSD : django -- multiple vulnerabilities (14a37474-1383-11e0-8a58-00215c6a37bb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Django project reports :\n\nToday the Django team is issuing multiple releases -- Django 1.2.4,\nDjango 1.1.3 and Django 1.3 beta 1 -- to remedy two security issues\nreported to us. All users of affected versions of Django are urged to\nupgrade immediately. 
Information leakage in Django administrative\ninterface The Django administrative interface, django.contrib.admin\nsupports filtering of displayed lists of objects by fields on the\ncorresponding models, including across database-level relationships.\nThis is implemented by passing lookup arguments in the querystring\nportion of the URL, and options on the ModelAdmin class allow\ndevelopers to specify particular fields or relationships which will\ngenerate automatic links for filtering. Denial-of-service attack in\npassword-reset mechanism Django's bundled authentication framework,\ndjango.contrib.auth, offers views which allow users to reset a\nforgotten password. The reset mechanism involves generating a one-time\ntoken composed from the user's ID, the timestamp of the reset request\nconverted to a base36 integer, and a hash derived from the user's\ncurrent password hash (which will change once the reset is complete,\nthus invalidating the token).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=665373\"\n );\n # https://vuxml.freebsd.org/freebsd/14a37474-1383-11e0-8a58-00215c6a37bb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d645320\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py23-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py23-django-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:py24-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py24-django-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py25-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py25-django-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py26-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py26-django-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py27-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py27-django-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py30-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py30-django-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py31-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py31-django-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"py23-django>1.2<1.2.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py23-django>1.1<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py24-django>1.2<1.2.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py24-django>1.1<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py25-django>1.2<1.2.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py25-django>1.1<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py26-django>1.2<1.2.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py26-django>1.1<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py27-django>1.2<1.2.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py27-django>1.1<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py30-django>1.2<1.2.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py30-django>1.1<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py31-django>1.2<1.2.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py31-django>1.1<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py23-django-devel<15032,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py24-django-devel<15032,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py25-django-devel<15032,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py26-django-devel<15032,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py27-django-devel<15032,1\")) flag++;\nif 
(pkg_test(save_report:TRUE, pkg:\"py30-django-devel<15032,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py31-django-devel<15032,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:34:15", "description": "Adam Baldwin discovered that Django did not properly validate query\nstring lookups. This could be exploited to provide an information leak\nto an attacker with admin privileges. (CVE-2010-4534)\n\nPaul McMillan discovered that Django did not validate the length of\nthe token used when generating a password reset. An attacker could\nexploit this to cause a denial of service via resource exhaustion.\n(CVE-2010-4535).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-01-07T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : python-django vulnerabilities (USN-1040-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4534", "CVE-2010-4535"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-django", "p-cpe:/a:canonical:ubuntu_linux:python-django-doc", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1040-1.NASL", "href": "https://www.tenable.com/plugins/nessus/51437", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1040-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51437);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-4534\", \"CVE-2010-4535\");\n script_bugtraq_id(45562, 45563);\n script_xref(name:\"USN\", value:\"1040-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : python-django vulnerabilities (USN-1040-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adam Baldwin discovered that Django did not properly validate query\nstring lookups. This could be exploited to provide an information leak\nto an attacker with admin privilieges. (CVE-2010-4534)\n\nPaul McMillan discovered that Django did not validate the length of\nthe token used when generating a password reset. An attacker could\nexploit this to cause a denial of service via resource exhaustion.\n(CVE-2010-4535).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1040-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-django and / or python-django-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-django-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"python-django\", pkgver:\"1.1.1-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"python-django-doc\", pkgver:\"1.1.1-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-django\", pkgver:\"1.1.1-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-django-doc\", pkgver:\"1.1.1-2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"python-django\", pkgver:\"1.2.3-1ubuntu0.2.10.10.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"python-django-doc\", pkgver:\"1.2.3-1ubuntu0.2.10.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-django / python-django-doc\");\n}\n", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:08:56", "description": " - Mon Jan 3 2011 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.4-1\n\n - Update for multiple security issues (see\n http://www.djangoproject.com/weblog/2010/dec/22/securi\n ty/)\n\n - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-3\n\n - Now build docs for F12+\n\n - Added Django-remove-djangodocs-ext.patch\n\n - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-2\n\n - Moved to dirhtml for documentation generation\n\n - Mon Sep 13 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-1\n\n - Update for\n http://www.djangoproject.com/weblog/2010/sep/10/123/\n\n - Thu Sep 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.2-1\n\n - Update for CVE-2010-3082 (see\n http://www.djangoproject.com/weblog/2010/sep/08/securi\n ty-release/)\n\n - Removed Django-hash-compat-13310.patch as it is\n already included in this release\n\n - Wed Jul 21 2010 David Malcolm <dmalcolm at redhat.com>\n - 1.2.1-6\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Features/Python_2.7/Mas\n sRebuild\n\n - Tue Jun 8 2010 Steve 'Ashcrow' Milner <stevem at\n gnulinux.net> - 1.2.1-5\n\n - Added\n http://code.djangoproject.com/changeset/13310?format=d\n iff&new=13310 per BZ#601212\n\n - Thu Jun 3 2010 Steve 'Ashcrow' Milner <stevem at\n gnulinux.net> - 1.2.1-4\n\n - Include egg in >= rhel6\n\n - Thu Jun 3 2010 Michel Salim <salimma at\n fedoraproject.org> - 1.2.1-3\n\n - Use generated %{name}.lang instead of including each\n locale file by hand\n\n - Temporarily make main package provide -doc on Rawhide,\n to fix upgrade path until upstream documentation\n builds with Sphinx 1.0\n\n - Thu May 27 2010 Steve 'Ashcrow' Milner <stevem at\n gnulinux.net> - 1.2.1-2\n\n - Allow for building docs in F13 as it's only F14\n freaking out\n\n - Tue May 25 2010 Steve 'Ashcrow' Milner <stevem at\n gnulinux.net> - 1.2.1-1\n\n - Update for new 
release.\n\n - Added lang files per BZ#584866.\n\n - Changed perms on\n %{python_sitelib}/django/contrib/admin/media/js/compre\n ss.py\n\n - Lots of explicit files listed in %files in order to\n reduce duplicate file listings\n\n - Docs are not built on F-13 for now\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2011-01-14T00:00:00", "title": "Fedora 13 : Django-1.2.4-1.fc13 (2011-0096)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3082", "CVE-2010-4534", "CVE-2010-4535"], "modified": "2011-01-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:Django", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2011-0096.NASL", "href": "https://www.tenable.com/plugins/nessus/51512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0096.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51512);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4534\", \"CVE-2010-4535\");\n script_xref(name:\"FEDORA\", value:\"2011-0096\");\n\n script_name(english:\"Fedora 13 : Django-1.2.4-1.fc13 (2011-0096)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Jan 3 2011 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.4-1\n\n - Update for multiple security issues (see\n http://www.djangoproject.com/weblog/2010/dec/22/securi\n 
ty/)\n\n - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-3\n\n - Now build docs for F12+\n\n - Added Django-remove-djangodocs-ext.patch\n\n - Sat Oct 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-2\n\n - Moved to dirhtml for documentation generation\n\n - Mon Sep 13 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.3-1\n\n - Update for\n http://www.djangoproject.com/weblog/2010/sep/10/123/\n\n - Thu Sep 9 2010 Steve 'Ashcrow' Milner <me at\n stevemilner.org> - 1.2.2-1\n\n - Update for CVE-2010-3082 (see\n http://www.djangoproject.com/weblog/2010/sep/08/securi\n ty-release/)\n\n - Removed Django-hash-compat-13310.patch as it is\n already included in this release\n\n - Wed Jul 21 2010 David Malcolm <dmalcolm at redhat.com>\n - 1.2.1-6\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Features/Python_2.7/Mas\n sRebuild\n\n - Tue Jun 8 2010 Steve 'Ashcrow' Milner <stevem at\n gnulinux.net> - 1.2.1-5\n\n - Added\n http://code.djangoproject.com/changeset/13310?format=d\n iff&new=13310 per BZ#601212\n\n - Thu Jun 3 2010 Steve 'Ashcrow' Milner <stevem at\n gnulinux.net> - 1.2.1-4\n\n - Include egg in >= rhel6\n\n - Thu Jun 3 2010 Michel Salim <salimma at\n fedoraproject.org> - 1.2.1-3\n\n - Use generated %{name}.lang instead of including each\n locale file by hand\n\n - Temporarily make main package provide -doc on Rawhide,\n to fix upgrade path until upstream documentation\n builds with Sphinx 1.0\n\n - Thu May 27 2010 Steve 'Ashcrow' Milner <stevem at\n gnulinux.net> - 1.2.1-2\n\n - Allow for building docs in F13 as it's only F14\n freaking out\n\n - Tue May 25 2010 Steve 'Ashcrow' Milner <stevem at\n gnulinux.net> - 1.2.1-1\n\n - Update for new release.\n\n - Added lang files per BZ#584866.\n\n - Changed perms on\n %{python_sitelib}/django/contrib/admin/media/js/compre\n ss.py\n\n - Lots of explicit files listed in %files in order to\n reduce duplicate file listings\n\n - Docs are not built on F-13 for now\n\nNote 
that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://code.djangoproject.com/changeset/13310?format=diff&new=13310\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/django/django/commit/adc9458541\"\n );\n # http://www.djangoproject.com/weblog/2010/dec/22/security/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.djangoproject.com/weblog/2010/dec/22/security/\"\n );\n # http://www.djangoproject.com/weblog/2010/sep/08/security-release/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.djangoproject.com/weblog/2010/sep/08/security-release/\"\n );\n # http://www.djangoproject.com/weblog/2010/sep/10/123/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.djangoproject.com/weblog/2010/sep/10/123/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=665373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053041.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f21a156f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:Django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/04\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"Django-1.2.4-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Django\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4534", "CVE-2010-4535"], "description": "Django is a high-level Python Web framework that 
encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. ", "modified": "2011-01-13T23:34:14", "published": "2011-01-13T23:34:14", "id": "FEDORA:099D5110856", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: Django-1.2.4-1.fc14", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3082", "CVE-2010-4534", "CVE-2010-4535"], "description": "Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. ", "modified": "2011-01-13T23:28:26", "published": "2011-01-13T23:28:26", "id": "FEDORA:97B6511050A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: Django-1.2.4-1.fc13", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2020-03-10T23:26:15", "bulletinFamily": "software", "cvelist": ["CVE-2010-4534"], "description": "The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.", "edition": 2, "modified": "2019-07-03T21:02:01", "published": "2018-07-23T19:51:40", "id": "GHSA-FWR5-Q9RX-294F", "href": "https://github.com/advisories/GHSA-fwr5-q9rx-294f", "title": "Moderate severity vulnerability that affects django", "type": "github", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-03-10T23:26:15", "bulletinFamily": "software", "cvelist": ["CVE-2010-4535"], "description": 
"The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.", "edition": 2, "modified": "2019-07-03T21:02:01", "published": "2018-07-23T19:51:59", "id": "GHSA-7WPH-FC4W-WQP2", "href": "https://github.com/advisories/GHSA-7wph-fc4w-wqp2", "title": "Moderate severity vulnerability that affects django", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}