5 matches found
Debian Security Advisory DSA 2332-1 (python-django)
The remote host is missing an update to python-django announced via advisory DSA 2332-1. OpenVAS Vulnerability Test $Id: deb23321.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2332-1 python-django Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft...
[SECURITY] [DSA 2332-1] python-django security update
Debian Security Advisory DSA-2332-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 29, 2011 http://www.debian.org/security/faq -...
CVE-2011-4140
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...
CVE-2011-4140
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...
CVE-2011-4140
CVE-2011-4140: Django 1.2.7 and 1.3.x up to 1.3.1 contain a CSRF protection flaw that mishandles HTTP Host headers in certain web-server configurations, enabling remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME and a page with JavaScript. Impact: unau...