19 matches found
openSUSE Security Update : python-django (openSUSE-SU-2013:1203-1)
python-django was updated to 1.4.5 to fix various security issues and bugs. Update to 1.4.5 : - Security release. - Fix bnc807175 / bnc787521 / CVE-2012-4520 / CVE-2013-0305 / CVE-2013-0306 and CVE-2013-1665. - Update to 1.4.3 : - Security release : - Host header poisoning - Redirect poisoning -...
Ubuntu Update for python-django USN-1757-1
Check for the Version of python-django OpenVAS Vulnerability Test $Id: gbubuntuUSN17571.nasl 8650 2018-02-03 12:16:59Z teissa $ Ubuntu Update for python-django USN-1757-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : python-django vulnerabilities (USN-1757-1)
James Kettle discovered that Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Although this issue had been previously addressed in USN-1632-1, this update adds additional hardening...
Debian Security Advisory DSA 2634-1 (python-django - several vulnerabilities)
Several vulnerabilities have been discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-4520 James Kettle discovered that Django did not properly filter the HTTP Host header when processing...
[SECURITY] [DSA 2634-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2634-1 [email protected] http://www.debian.org/security/ Nico Golde February 27, 2013 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2634-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Update for python-django MDVSA-2012:181 (python-django)
Check for the Version of python-django OpenVAS Vulnerability Test Mandriva Update for python-django MDVSA-2012:181 python-django Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Mandriva Linux Security Advisory : python-django (MDVSA-2012:181)
Multiple host header poisoning flaws were found and fixed in Django. The updated packages have been upgraded to the 1.3.5 version which is not affected by these issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Ubuntu: Security Advisory (USN-1632-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu Update for python-django USN-1632-1
Ubuntu Update for Linux kernel vulnerabilities USN-1632-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16321.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python-django USN-1632-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.ne...
CVE-2012-4520
CVE-2012-4520 concerns Django’s http.HttpRequest.get_host, where Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 can be exploited by crafting the Host header to cause the application to display arbitrary URLs, potentially impacting views such as password resets. The vulnerability is described ac...
[USN-1632-1] Django vulnerability
========================================================================== Ubuntu Security Notice USN-1632-1 November 15, 2012 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : python-django vulnerability (USN-1632-1)
James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...
Fedora Update for Django FEDORA-2012-16417
Check for the Version of Django OpenVAS Vulnerability Test Fedora Update for Django FEDORA-2012-16417 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Fedora 17 : Django-1.4.2-1.fc17 (2012-16440)
Security releases issued - Host header poisoning Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 16 : Django-1.3.4-1.fc16 (2012-16417)
Security releases issued - Host header poisoning Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
FreeBSD Ports: django
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 18 : python-django-1.4.2-1.fc18 (2012-16406)
Security releases issued - Host header poisoning Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
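Django 1.3.1 'HttpRequest.get_host()' Information Disclosure Vulnerability
Bugtraq ID:56146 CVE ID:CVE-2012-4520 Django is an open-source web application framework written in Python. The "HttpRequest.gethost" method contains a vulnerability when processing HTTP "Host" header data, which can be exploited by constructing specially crafted header fields to disclose arbitrary URLs. 0 Django 1.3.1 Vendor solution: Django 1.3.4 or 1.4.2 has fixed this vulnerability; users are advised to download and use: https://www.djangoproject.com/weblog/2012/oct/17/security/...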