Detections
Analytics

Mandriva Linux Security Advisory : python-django (MDVSA-2009:275)

medium Nessus Plugin ID 42130

Synopsis

The remote Mandriva Linux host is missing a security update.

Description

A vulnerability has been found and corrected in python-django :

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected static media files, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL (CVE-2009-2659).

The versions of Django shipping with Mandriva Linux have been updated to the latest patched version that include the fix for this issue. In addition, they provide other bug fixes.

Solution

Update the affected python-django package.

See Also

http://www.djangoproject.com/weblog/2009/jul/28/security/

Plugin Details

Severity: Medium

ID: 42130

File Name: mandriva_MDVSA-2009-275.nasl

Version: 1.15

Type: local

Published: 10/15/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:python-django, cpe:/o:mandriva:linux:2008.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/13/2009

Reference Information

CVE: CVE-2009-2659

BID: 35859

CWE: 22

MDVSA: 2009:275