Mandriva Linux Security Advisory : python-django (MDVSA-2014:113)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Multiple vulnerabilities has been discovered and corrected in
python-django :

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7
before 1.7b4 does not properly include the (1) Vary: Cookie or (2)
Cache-Control header in responses, which allows remote attackers to
obtain sensitive information or poison the cache via a request from
certain browsers (CVE-2014-1418).

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13,
1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not
properly validate URLs, which allows remote attackers to conduct open
redirect attacks via a malformed URL, as demonstrated by
http:\djangoproject.com. (CVE-2014-3730).

The django.core.urlresolvers.reverse function in Django before 1.4.11,
1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2
allows remote attackers to import and execute arbitrary Python modules
by leveraging a view that constructs URLs using user input and a
dotted Python path. (CVE-2014-0472).

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6,
1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF
token for all anonymous users, which allows remote attackers to bypass
CSRF protections by reading the CSRF cookie for anonymous users
(CVE-2014-0473).

The (1) FilePathField, (2) GenericIPAddressField, and (3)
IPAddressField model field classes in Django before 1.4.11, 1.5.x
before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not
properly perform type conversion, which allows remote attackers to
have unspecified impact and vectors, related to MySQL typecasting.
(CVE-2014-0474).

The updated packages have been patched to correct these issues.

Solution :

Update the affected python-django package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 74446 ()

Bugtraq ID: 67038
67040
67041
67408
67410

CVE ID: CVE-2014-0472
CVE-2014-0473
CVE-2014-0474
CVE-2014-1418
CVE-2014-3730

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now