This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Updated python-django packages fix security vulnerabilities :
Jedediah Smith discovered that Django incorrectly handled underscores
in WSGI headers. A remote attacker could possibly use this issue to
spoof headers in certain environments (CVE-2015-0219).
Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to
perform a cross-site scripting attack (CVE-2015-0220).
Alex Gaynor discovered that Django incorrectly handled reading files
in django.views.static.serve(). A remote attacker could possibly use
this issue to cause Django to consume resources, resulting in a denial
of service (CVE-2015-0221).
See also :
Update the affected python-django package.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false