SB2014121303 - Gentoo update for Django

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014121303

SB2014121303 - Gentoo update for Django

Published: December 13, 2014 Updated: September 25, 2016

Security Bulletin ID SB2014121303
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2014-0480)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.


2) Resource management error (CVE-ID: CVE-2014-0481)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.


3) Improper Authentication (CVE-ID: CVE-2014-0482)

The vulnerability allows a remote #AU# to read and manipulate data.

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.


4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-0483)

The vulnerability allows a remote #AU# to gain access to sensitive information.

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.


Remediation

Install update from vendor's website.

References