Test ID: 1.3.6.1.4.1.25623.1.0.703835
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-3835-1)
Summary: The remote host is missing an update for the Debian 'python-django' package(s) announced via the DSA-3835-1 advisory.

Description:

Vulnerability Insight: Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-9013: Marti Raudsepp reported that a user with a hardcoded password is created when running tests with an Oracle database.

CVE-2016-9014: Aymeric Augustin discovered that Django does not properly validate the Host header against settings.ALLOWED_HOSTS when the debug setting is enabled. A remote attacker can take advantage of this flaw to perform DNS rebinding attacks.

CVE-2017-7233: It was discovered that is_safe_url() does not properly handle certain numeric URLs as safe. A remote attacker can take advantage of this flaw to perform XSS attacks or to use a Django server as an open redirect.

CVE-2017-7234: Phithon from Chaitin Tech discovered an open redirect vulnerability in the django.views.static.serve() view. Note that this view is not intended for production use.

For the stable distribution (jessie), these problems have been fixed in version 1.7.11-1+deb8u2. We recommend that you upgrade your python-django packages.

Affected Software/OS: 'python-django' package(s) on Debian 8.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:

CVE-2016-9013
  BugTraq ID 94069: http://www.securityfocus.com/bid/94069
  Debian Security Information DSA-3835: http://www.debian.org/security/2017/dsa-3835
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ/
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S/
  http://www.securitytracker.com/id/1037159
  http://www.ubuntu.com/usn/USN-3115-1

CVE-2016-9014
  BugTraq ID 94068: http://www.securityfocus.com/bid/94068

CVE-2017-7233
  BugTraq ID 97406: http://www.securityfocus.com/bid/97406
  RedHat Security Advisory RHSA-2017:1445: https://access.redhat.com/errata/RHSA-2017:1445
  RedHat Security Advisory RHSA-2017:1451: https://access.redhat.com/errata/RHSA-2017:1451
  RedHat Security Advisory RHSA-2017:1462: https://access.redhat.com/errata/RHSA-2017:1462
  RedHat Security Advisory RHSA-2017:1470: https://access.redhat.com/errata/RHSA-2017:1470
  RedHat Security Advisory RHSA-2017:1596: https://access.redhat.com/errata/RHSA-2017:1596
  RedHat Security Advisory RHSA-2017:3093: https://access.redhat.com/errata/RHSA-2017:3093
  RedHat Security Advisory RHSA-2018:2927: https://access.redhat.com/errata/RHSA-2018:2927
  http://www.securitytracker.com/id/1038177

CVE-2017-7234
  BugTraq ID 97401: http://www.securityfocus.com/bid/97401
Copyright: Copyright (C) 2017 Greenbone AG