 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2011-4138 |
| Description: | The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.70548 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-4138 Debian Security Information: DSA-2332 (Google Search) http://www.debian.org/security/2011/dsa-2332 http://openwall.com/lists/oss-security/2011/09/11/1 http://openwall.com/lists/oss-security/2011/09/13/2 http://secunia.com/advisories/46614 SuSE Security Announcement: openSUSE-SU-2012:0653 (Google Search) https://hermes.opensuse.org/messages/14700881 |