Lucene search
UbuntuUSN-3089-1HistorySep 27, 2016 - 12:00 a.m.
Django vulnerability
2016-09-2700:00:00
ubuntu.com
45
Releases
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
- Ubuntu 12.04
Packages
- python-django - High-level Python web development framework
Details
Sergey Bobrov discovered that Django incorrectly parsed cookies when being
used with Google Analytics. A remote attacker could possibly use this issue
to set arbitrary cookies leading to a CSRF protection bypass.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 16.04 | noarch | python-django | <Â 1.8.7-1ubuntu5.2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | python-django-common | <Â 1.8.7-1ubuntu5.2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | python-django-doc | <Â 1.8.7-1ubuntu5.2 | UNKNOWN |
| Ubuntu | 16.04 | noarch | python3-django | <Â 1.8.7-1ubuntu5.2 | UNKNOWN |
| Ubuntu | 14.04 | noarch | python-django | <Â 1.6.1-2ubuntu0.15 | UNKNOWN |
| Ubuntu | 14.04 | noarch | python-django-doc | <Â 1.6.1-2ubuntu0.15 | UNKNOWN |
| Ubuntu | 12.04 | noarch | python-django | <Â 1.3.1-4ubuntu1.21 | UNKNOWN |
| Ubuntu | 12.04 | noarch | python-django-doc | <Â 1.3.1-4ubuntu1.21 | UNKNOWN |
References
Related
redhat
redhat
(RHSA-2016:2038) Moderate: python-django security update
2016-10-10 05:47:17
(RHSA-2016:2043) Moderate: python-django security update
2016-10-10 05:48:11
(RHSA-2016:2040) Moderate: python-django security update
2016-10-10 05:47:36
mageia
mageia
Updated python-django packages fix security vulnerability
2016-10-04 15:20:54
freebsd
freebsd
django -- CSRF protection bypass on a site with Google Analytics
2016-09-26 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: python-django-1.9.10-1.fc25
2016-10-10 18:23:59
[SECURITY] Fedora 23 Update: python-django-1.8.15-1.fc23
2016-10-11 01:21:01
[SECURITY] Fedora 24 Update: python-django-1.9.10-1.fc24
2016-10-10 21:53:50
prion
prion
Cross site request forgery (csrf)
2016-10-03 18:59:00
osv
osv
PYSEC-2016-3
2016-10-03 18:59:00
Django CSRF Protection Bypass
2022-05-14 03:55:50
nessus
nessus
FreeBSD : django -- CSRF protection bypass on a site with Google Analytics (bb022643-84fb-11e6-a4a1-60a44ce6887b)
2016-09-28 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Django vulnerability (USN-3089-1)
2016-09-28 00:00:00
Fedora 23 : python-django (2016-3795497354)
2016-10-12 00:00:00
cve
cve
CVE-2016-7401
2016-10-03 18:59:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0334)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-3089-1)
2016-09-28 00:00:00
Debian: Security Advisory (DSA-3678-1)
2016-09-25 00:00:00
ubuntucve
ubuntucve
CVE-2016-7401
2016-09-26 00:00:00
debian
debian
[SECURITY] [DLA DLA-649-1] python-django security update
2016-10-06 21:23:18
[SECURITY] [DSA 3678-1] python-django security update
2016-09-26 20:56:39
seebug
seebug
Django CSRF Bypass (CVE-2016-7401)
2016-09-29 00:00:00
debiancve
debiancve
CVE-2016-7401
2016-10-03 18:59:00
archlinux
archlinux
[ASA-201610-12] python2-django: cross-site request forgery
2016-10-21 00:00:00
[ASA-201610-13] python-django: cross-site request forgery
2016-10-21 00:00:00
github
github
Django CSRF Protection Bypass
2022-05-14 03:55:50
veracode
veracode
Cross-Site Request Forgery (CSRF) Protection Bypass
2019-01-15 09:13:18
redhatcve
redhatcve
CVE-2016-7401
2016-09-27 00:17:27
cvelist
cvelist
CVE-2016-7401
2016-10-03 18:00:00
altlinux
altlinux