Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1297-1
HistoryDec 09, 2011 - 12:00 a.m.

Django vulnerabilities

2011-12-0900:00:00
ubuntu.com
30

6.5 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.038 Low

EPSS

Percentile

91.7%

JSON

Releases

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04

Packages

  • python-django - High-level Python web development framework

Details

Pall McMillan discovered that Django used the root namespace when storing
cached session data. A remote attacker could exploit this to modify
sessions. (CVE-2011-4136)

Paul McMillan discovered that Django would not timeout on arbitrary URLs
when the application used URLFields. This could be exploited by a remote
attacker to cause a denial of service via resource exhaustion.
(CVE-2011-4137)

Paul McMillan discovered that while Django would check the validity of a
URL via a HEAD request, it would instead use a GET request for the target
of a redirect. This could potentially be used to trigger arbitrary GET
requests via a crafted Location header. (CVE-2011-4138)

It was discovered that Django would sometimes use a request’s HTTP Host
header to construct a full URL. A remote attacker could exploit this to
conduct host header cache poisoning attacks via a crafted request.
(CVE-2011-4139)

Related

openvas 4
nessus 3
debian 1
osv 9
securityvulns 1
ubuntucve 4
cve 4
gitlab 4
prion 4
github 4
debiancve 4
openvas
openvas
Ubuntu Update for python-django USN-1297-1
2011-12-09 00:00:00
Ubuntu: Security Advisory (USN-1297-1)
2011-12-09 00:00:00
Debian Security Advisory DSA 2332-1 (python-django)
2012-02-11 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : python-django vulnerabilities (USN-1297-1)
2011-12-09 00:00:00
Debian DSA-2332-1 : python-django - several issues
2011-10-31 00:00:00
openSUSE Security Update : python-django (openSUSE-SU-2012:0653-1)
2014-06-13 00:00:00
debian
debian
[SECURITY] [DSA 2332-1] python-django security update
2011-10-29 05:50:53
osv
osv
python-django - several issues
2011-10-29 00:00:00
Django Might Allow CSRF Requests via URL Verification
2022-05-14 03:49:36
PYSEC-2011-3
2011-10-19 10:55:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-11-06 00:00:00
ubuntucve
ubuntucve
CVE-2011-4138
2011-10-19 00:00:00
CVE-2011-4136
2011-10-19 00:00:00
CVE-2011-4139
2011-10-19 00:00:00
cve
cve
CVE-2011-4138
2011-10-19 10:55:00
CVE-2011-4136
2011-10-19 10:55:00
CVE-2011-4139
2011-10-19 10:55:00
gitlab
gitlab
Improper Input Validation
2022-05-14 00:00:00
Improper Input Validation
2018-07-23 00:00:00
Improper Input Validation
2022-05-14 00:00:00
prion
prion
Design/Logic Flaw
2011-10-19 10:55:00
Design/Logic Flaw
2011-10-19 10:55:00
Cross site request forgery (csrf)
2011-10-19 10:55:00
github
github
Django Might Allow CSRF Requests via URL Verification
2022-05-14 03:49:36
Moderate severity vulnerability that affects django
2018-07-23 19:52:39
Django Vulnerable to Cache Poisoning
2022-05-14 03:49:36
debiancve
debiancve
CVE-2011-4138
2011-10-19 10:55:00
CVE-2011-4136
2011-10-19 10:55:00
CVE-2011-4139
2011-10-19 10:55:00

6.5 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.038 Low

EPSS

Percentile

91.7%

JSON
Related for USN-1297-1
openvas4nessus3debian1osv9securityvulns1ubuntucve4cve4gitlab4prion4github4debiancve4