UbuntuUSN-1066-1Django vulnerabilities
5.7 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.7%
Releases
- Ubuntu 10.10
- Ubuntu 10.04
- Ubuntu 9.10
Packages
- python-django - High-level Python web development framework
Details
It was discovered that Django did not properly validate HTTP requests that
contain an X-Requested-With header. An attacker could exploit this
vulnerability to perform cross-site request forgery (CSRF) attacks.
(CVE-2011-0696)
It was discovered that Django did not properly sanitize its input when
performing file uploads, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2011-0697)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.10 | noarch | python-django | < 1.1.1-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 9.10 | noarch | python-django-doc | < 1.1.1-1ubuntu1.2 | UNKNOWN |
| Ubuntu | 10.10 | noarch | python-django | < 1.2.3-1ubuntu0.2.10.10.2 | UNKNOWN |
| Ubuntu | 10.10 | noarch | python-django-doc | < 1.2.3-1ubuntu0.2.10.10.2 | UNKNOWN |
| Ubuntu | 10.04 | noarch | python-django | < 1.1.1-2ubuntu1.3 | UNKNOWN |
| Ubuntu | 10.04 | noarch | python-django-doc | < 1.1.1-2ubuntu1.3 | UNKNOWN |
Related
5.7 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.7%