Lucene search
GoogleOSV:PYSEC-2009-3HistoryAug 04, 2009 - 4:30 p.m.
PYSEC-2009-3
2009-08-0416:30:00
Google
osv.dev
12
0.006 Low
EPSS
Percentile
79.1%
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected “static media files,” which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=539134
code.djangoproject.com/changeset/11353
secunia.com/advisories/36137
secunia.com/advisories/36153
www.djangoproject.com/weblog/2009/jul/28/security/
www.openwall.com/lists/oss-security/2009/07/29/2
www.securityfocus.com/bid/35859
www.redhat.com/archives/fedora-package-announce/2009-August/msg00055.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00069.html
Related
openvas
openvas
Fedora Core 10 FEDORA-2009-8169 (Django)
2009-08-17 00:00:00
Fedora Core 11 FEDORA-2009-8177 (Django)
2009-08-17 00:00:00
Django Directory Traversal Vulnerability - Linux
2009-08-11 00:00:00
debiancve
debiancve
CVE-2009-2659
2009-08-04 16:30:00
ubuntucve
ubuntucve
CVE-2009-2659
2009-08-04 00:00:00
nessus
nessus
Fedora 10 : Django-1.0.3-6.fc10 (2009-8169)
2009-08-04 00:00:00
Fedora 11 : Django-1.0.3-6.fc11 (2009-8177)
2009-08-04 00:00:00
Mandriva Linux Security Advisory : python-django (MDVSA-2009:275)
2009-10-15 00:00:00
gitlab
gitlab
github
github
Django Admin Media Handler Vulnerable to Directory Traversal
2022-05-02 03:37:17
nvd
nvd
CVE-2009-2659
2009-08-04 16:30:00
cve
cve
CVE-2009-2659
2009-08-04 16:30:00
osv
osv
Django Admin Media Handler Vulnerable to Directory Traversal
2022-05-02 03:37:17
cvelist
cvelist
CVE-2009-2659
2009-08-04 16:13:00
prion
prion
Directory traversal
2009-08-04 16:30:00