MGASA-2016-0334 Updated python-django packages fix security vulnerability
CVE-2016-7401: CSRF protection bypass on a site with Google Analytics An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...
DEBIAN-CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
PYSEC-2016-3
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
Cross site request forgery (csrf)
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
CVE-2016-7401
The CVE describes a CSRF protection bypass in Django caused by the interaction between Google Analytics and Django’s cookie parsing. Affected versions are Django before 1.8.15 and 1.9.x before 1.9.10. Multiple connected advisories confirm the issue and provide remediation guidance: upgrading to a...
osquery - SQL powered operating system instrumentation, monitoring, and analytics
osquery is an operating system instrumentation framework for OS X and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. Homepage: https://osquery.io. Platforms in the build status table: OS X 10.9, OS X 10.10/11, ...
Django CSRF Bypass (CVE-2016-7401)
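Author: p0wd3r, Knownsec 404 Security Lab (知道创宇404安全实验室) Date: 2016-09-28 0x00 Vulnerability overview 1. Introduction Django is an open-source web application framework written in Python. Two years ago a researcher submitted a vulnerability on HackerOne that uses Google Analytics to bypass Django's CSRF protection mechanism, "CSRF protection bypass on any Django powered site via Google Analytics". With this vulnerability, when a website uses Django as its web framework and has Django's CSRF protection mechanism enabled, and also uses Google...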
Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
Description Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core , 1.0.13-core , 2.0.1-core and...
FreeBSD : django -- CSRF protection bypass on a site with Google Analytics (bb022643-84fb-11e6-a4a1-60a44ce6887b)
Django Software Foundation reports: An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
CVE-2016-7401: Django CSRF defense bypass vulnerability analysis - vulnerability warning - the black bar safety net
Django fixed this vulnerability yesterday: https://www.djangoproject.com/weblog/2016/sep/26/security-releases/ In fact, a similar issue came up last year and was reported to Twitter: https://hackerone.com/reports/14883 That vulnerability is composed of the following components. 0x01 by the Google Analytics...
USN-3089-1: Django vulnerability
Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass...
USN-3089-1 python-django vulnerability
Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass...
CVE-2016-7401
A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for request.COOKIES has been simplified to better match browser behavi...
Debian DSA-3678-1 : python-django - security update
Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted in such a way that an attacker could set arbitrary cookies. This allows other malicious websites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django. (C) Tenable Network...
UBUNTU-CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...