Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.890885 |
Categoría: | Debian Local Security Checks |
Título: | Debian LTS: Security Advisory for python-django (DLA-885-1) |
Resumen: | , #859516;;It was discovered that there were two vulnerabilities in python-django, a;high-level Python web development framework.;;CVE-2017-7233 (#859515): Open redirect and possible XSS attack via;user-supplied numeric redirect URLs. Django relies on user input in some cases;(e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an;'on success' URL. The security check for these redirects (namely is_safe_url());considered some numeric URLs (e.g. http:999999999) 'safe' when they shouldn't;be. Also, if a developer relied on is_safe_url() to provide safe redirect;targets and puts such a URL into a link, they could suffer from an XSS attack.;;CVE-2017-7234 (#895516): Open redirect vulnerability in;django.views.static.serve. A maliciously crafted URL to a Django site using the;serve() view could redirect to any other domain. The view no longer does any;redirects as they don't provide any known, useful functionality. |
Descripción: | Summary: , #859516 It was discovered that there were two vulnerabilities in python-django, a high-level Python web development framework. CVE-2017-7233 (#859515): Open redirect and possible XSS attack via user-supplied numeric redirect URLs. Django relies on user input in some cases (e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an 'on success' URL. The security check for these redirects (namely is_safe_url()) considered some numeric URLs (e.g. http:999999999) 'safe' when they shouldn't be. Also, if a developer relied on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. CVE-2017-7234 (#895516): Open redirect vulnerability in django.views.static.serve. A maliciously crafted URL to a Django site using the serve() view could redirect to any other domain. The view no longer does any redirects as they don't provide any known, useful functionality. Affected Software/OS: python-django on Debian Linux Solution: For Debian 7 'Wheezy', this issue has been fixed in python-django version 1.4.22-1+deb7u3. We recommend that you upgrade your python-django packages. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7233 BugTraq ID: 97406 http://www.securityfocus.com/bid/97406 Debian Security Information: DSA-3835 (Google Search) http://www.debian.org/security/2017/dsa-3835 RedHat Security Advisories: RHSA-2017:1445 https://access.redhat.com/errata/RHSA-2017:1445 RedHat Security Advisories: RHSA-2017:1451 https://access.redhat.com/errata/RHSA-2017:1451 RedHat Security Advisories: RHSA-2017:1462 https://access.redhat.com/errata/RHSA-2017:1462 RedHat Security Advisories: RHSA-2017:1470 https://access.redhat.com/errata/RHSA-2017:1470 RedHat Security Advisories: RHSA-2017:1596 https://access.redhat.com/errata/RHSA-2017:1596 RedHat Security Advisories: RHSA-2017:3093 https://access.redhat.com/errata/RHSA-2017:3093 RedHat Security Advisories: RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927 http://www.securitytracker.com/id/1038177 Common Vulnerability Exposure (CVE) ID: CVE-2017-7234 BugTraq ID: 97401 http://www.securityfocus.com/bid/97401 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |