Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_62287F51D43D11E4879C00E0814CAB4E.NASLHistoryMar 27, 2015 - 12:00 a.m.
FreeBSD : django -- multiple vulnerabilities (62287f51-d43d-11e4-879c-00e0814cab4e)
2015-03-2700:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
The Django project reports :
In accordance with our security release policy, the Django team is issuing multiple releases – Django 1.4.20, 1.6.11, 1.7.7 and 1.8c1.
These releases are now available on PyPI and our download page. These releases address several security issues detailed below. We encourage all users of Django to upgrade as soon as possible. The Django master branch has also been updated.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(82286);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2015-2316", "CVE-2015-2317");
script_name(english:"FreeBSD : django -- multiple vulnerabilities (62287f51-d43d-11e4-879c-00e0814cab4e)");
script_summary(english:"Checks for updated packages in pkg_info output");
script_set_attribute(
attribute:"synopsis",
value:
"The remote FreeBSD host is missing one or more security-related
updates."
);
script_set_attribute(
attribute:"description",
value:
"The Django project reports :
In accordance with our security release policy, the Django team is
issuing multiple releases -- Django 1.4.20, 1.6.11, 1.7.7 and 1.8c1.
These releases are now available on PyPI and our download page. These
releases address several security issues detailed below. We encourage
all users of Django to upgrade as soon as possible. The Django master
branch has also been updated."
);
script_set_attribute(
attribute:"see_also",
value:"https://www.djangoproject.com/weblog/2015/mar/18/security-releases/"
);
# https://vuxml.freebsd.org/freebsd/62287f51-d43d-11e4-879c-00e0814cab4e.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?a6dcef98"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py27-django");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py27-django-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py32-django");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py32-django-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py33-django");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py33-django-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py34-django");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:py34-django-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/18");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"FreeBSD Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (pkg_test(save_report:TRUE, pkg:"py27-django>=1.4<1.4.20")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py27-django>=1.6<1.6.11")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py27-django>=1.7<1.7.7")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py32-django>=1.4<1.4.20")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py32-django>=1.6<1.6.11")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py32-django>=1.7<1.7.7")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py33-django>=1.4<1.4.20")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py33-django>=1.6<1.6.11")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py33-django>=1.7<1.7.7")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py34-django>=1.4<1.4.20")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py34-django>=1.6<1.6.11")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py34-django>=1.7<1.7.7")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py27-django-devel<20150326,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py32-django-devel<20150326,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py33-django-devel<20150326,1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"py34-django-devel<20150326,1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| freebsd | freebsd | py27-django | p-cpe:/a:freebsd:freebsd:py27-django |
| freebsd | freebsd | py27-django-devel | p-cpe:/a:freebsd:freebsd:py27-django-devel |
| freebsd | freebsd | py32-django | p-cpe:/a:freebsd:freebsd:py32-django |
| freebsd | freebsd | py32-django-devel | p-cpe:/a:freebsd:freebsd:py32-django-devel |
| freebsd | freebsd | py33-django | p-cpe:/a:freebsd:freebsd:py33-django |
| freebsd | freebsd | py33-django-devel | p-cpe:/a:freebsd:freebsd:py33-django-devel |
| freebsd | freebsd | py34-django | p-cpe:/a:freebsd:freebsd:py34-django |
| freebsd | freebsd | py34-django-devel | p-cpe:/a:freebsd:freebsd:py34-django-devel |
| freebsd | freebsd | cpe:/o:freebsd:freebsd |
Related
openvas
openvas
Fedora Update for python-django FEDORA-2015-5766
2015-07-07 00:00:00
Ubuntu: Security Advisory (USN-2539-1)
2015-03-24 00:00:00
Mageia: Security Advisory (MGASA-2015-0127)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: python-django-1.8-1.fc22
2015-04-21 19:11:20
[SECURITY] Fedora 20 Update: python-django14-1.4.20-1.fc20
2015-06-18 13:24:55
securityvulns
securityvulns
[USN-2539-1] Django vulnerabilities
2015-05-11 00:00:00
nessus
nessus
Fedora 22 : python-django-1.8-1.fc22 (2015-5766)
2015-04-22 00:00:00
Ubuntu 14.04 LTS : Django vulnerabilities (USN-2539-1)
2015-03-24 00:00:00
openSUSE Security Update : python-Django (openSUSE-2015-281)
2015-04-02 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2015-03-23 00:00:00
freebsd
freebsd
django -- multiple vulnerabilities
2015-03-18 00:00:00
mageia
mageia
Updated python-django packages fix security vulnerabilities
2015-04-03 16:11:23
ubuntucve
ubuntucve
CVE-2015-2316
2015-03-19 00:00:00
CVE-2015-2317
2015-03-19 00:00:00
debian
debian
[SECURITY] [DSA 3204-1] python-django security update
2015-03-24 19:30:44
[SECURITY] [DSA 3204-1] python-django security update
2015-03-24 19:31:02
[SECURITY] [DLA 272-1] python-django security update
2015-07-16 13:47:04
debiancve
debiancve
CVE-2015-2317
2015-03-25 14:59:00
CVE-2015-2316
2015-03-25 14:59:00
cve
cve
CVE-2015-2317
2015-03-25 14:59:00
CVE-2015-2316
2015-03-25 14:59:00
cvelist
cvelist
CVE-2015-2317
2015-03-25 14:00:00
CVE-2015-2316
2015-03-25 14:00:00
prion
prion
Input validation
2015-03-25 14:59:00
Cross site scripting
2015-03-25 14:59:00
github
github
Django Denial-of-service possibility with strip_tags
2022-05-14 02:06:52
Django cross-site scripting (XSS) attack via user-supplied redirect URLs
2022-05-14 02:06:51
osv
osv
PYSEC-2015-18
2015-03-25 14:59:00
PYSEC-2015-9
2015-03-25 14:59:00
python-django - security update
2015-07-16 00:00:00
Related for FREEBSD_PKG_62287F51D43D11E4879C00E0814CAB4E.NASL