
Test ID: 1.3.6.1.4.1.25623.1.0.703835
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 3835-1 (python-django - security update)
Description:
Summary:
Several vulnerabilities were discovered in Django, a high-level Python
web development framework. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2016-9013
Marti Raudsepp reported that a user with a hardcoded password is
created when running tests with an Oracle database.

CVE-2016-9014
Aymeric Augustin discovered that Django does not properly validate
the Host header against settings.ALLOWED_HOSTS when the debug
setting is enabled. A remote attacker can take advantage of this
flaw to perform DNS rebinding attacks.

CVE-2017-7233
It was discovered that is_safe_url() does not properly handle
certain numeric URLs as safe. A remote attacker can take advantage
of this flaw to perform XSS attacks or to use a Django server as an
open redirect.

CVE-2017-7234
Phithon from Chaitin Tech discovered an open redirect vulnerability
in the django.views.static.serve() view. Note that this view is not
intended for production use.

Affected Software/OS:
python-django on Debian Linux

Solution:
For the stable distribution (jessie), these problems have been fixed in
version 1.7.11-1+deb8u2.

We recommend that you upgrade your python-django packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross references: Common Vulnerability Exposure (CVE) ID: CVE-2016-9013
BugTraq ID: 94069
http://www.securityfocus.com/bid/94069
Debian Security Information: DSA-3835
http://www.debian.org/security/2017/dsa-3835
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
http://www.securitytracker.com/id/1037159
http://www.ubuntu.com/usn/USN-3115-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-9014
BugTraq ID: 94068
http://www.securityfocus.com/bid/94068
Common Vulnerability Exposure (CVE) ID: CVE-2017-7233
BugTraq ID: 97406
http://www.securityfocus.com/bid/97406
RedHat Security Advisories: RHSA-2017:1445
https://access.redhat.com/errata/RHSA-2017:1445
RedHat Security Advisories: RHSA-2017:1451
https://access.redhat.com/errata/RHSA-2017:1451
RedHat Security Advisories: RHSA-2017:1462
https://access.redhat.com/errata/RHSA-2017:1462
RedHat Security Advisories: RHSA-2017:1470
https://access.redhat.com/errata/RHSA-2017:1470
RedHat Security Advisories: RHSA-2017:1596
https://access.redhat.com/errata/RHSA-2017:1596
RedHat Security Advisories: RHSA-2017:3093
https://access.redhat.com/errata/RHSA-2017:3093
RedHat Security Advisories: RHSA-2018:2927
https://access.redhat.com/errata/RHSA-2018:2927
http://www.securitytracker.com/id/1038177
Common Vulnerability Exposure (CVE) ID: CVE-2017-7234
BugTraq ID: 97401
http://www.securityfocus.com/bid/97401
Copyright: Copyright (C) 2017 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.