1240 matches found
PYSEC-2016-15
The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...
Cross site scripting
The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...
PYSEC-2016-15
The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...
CVE-2016-2512
The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...
Debian DSA-3544-1 : python-django - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-2512 Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication...
The vulnerability of the Ruby on Rails software platform, which allows attackers to bypass the authentication process
The vulnerability of the httpbasicauthenticatewith method in the ActionController/lib/actioncontroller/metal/httpauthentication.rb implementation of Basic Authentication in the Ruby on Rails software framework is related to security configuration errors. Exploiting this vulnerability allows a...
python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
An open-redirect flaw was found in the way Django's django.utils.http.issafeurl function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...
python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
An open-redirect flaw was found in the way Django's django.utils.http.issafeurl function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...
python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
An open-redirect flaw was found in the way Django's django.utils.http.issafeurl function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...
python-django: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
An open-redirect flaw was found in the way Django's django.utils.http.issafeurl function filtered authentication URLs. An attacker able to trick a victim into visiting a crafted URL could use this flaw to redirect that victim to a malicious site...
rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...
Important: Red Hat Security Advisory: ror40 security update
Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...
Important: Red Hat Security Advisory: ruby193 security update
Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...
rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...
USN-2915-3 python-django regression
USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by applying the complete upstream regression fix. Original advisory details: Mark Striemer discovered that Django incorrectly handled...
UBUNTU-CVE-2016-2512
The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...
SUSE-SU-2016:0623-1 Security update for rubygem-activesupport-3_2
This update for rubygem-activesupport-32 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller bsc963329...
rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...
HTTP Server Basic Authentication Detection
Binary data 7140.pasl...
Authentication flaw
The httpbasicauthenticatewith method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...