CVE-2014-0472 – python-django: unexpected code execution using reverse()
https://notcve.org/view.php?id=CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." La función django.core.urlresolvers.reverse en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a 1.6.3 y 1.7.x anterior a 1.7 beta 2 permite a atacantes remotos importar y ejecutar módulos Python arbitrarios mediante el aprovechamiento de una visualización que construye URLs utilizando entradas de usuarios y una "ruta Python con puntos." • https://github.com/christasa/CVE-2014-0472 http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://rhn.redhat.com/errata/RHSA-2014-0456.html http://rhn.redhat.com/errata/RHSA-2014-0457.html http://secunia.com/advisories/61281 http://www.debian.org/security/2014/dsa-2934 http://www.ubuntu.com/usn/USN-2169-1 https://www.djangoproject.com/weblog/2014/apr/21/security https://access.redhat.com/security/cve/CVE-2014-0472 https://bugzilla.redhat.com/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-0473 – python-django: caching of anonymous pages could reveal CSRF token
https://notcve.org/view.php?id=CVE-2014-0473
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. La plataforma de caché en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a 1.6.3 y 1.7.x anterior a 1.7 beta 2 reutiliza un token de CSRF en caché para todos los usuarios anónimos, lo que permite a atacantes remotos evadir protecciones de CSRF mediante la lectura del cookie de CSRF para usuarios anónimos. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://rhn.redhat.com/errata/RHSA-2014-0456.html http://rhn.redhat.com/errata/RHSA-2014-0457.html http://secunia.com/advisories/61281 http://www.debian.org/security/2014/dsa-2934 http://www.ubuntu.com/usn/USN-2169-1 https://www.djangoproject.com/weblog/2014/apr/21/security https://access.redhat.com/security/cve/CVE-2014-0473 https://bugzilla.redhat.com/show_bug.cgi?id=1090592 • CWE-264: Permissions, Privileges, and Access Controls CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-0474 – python-django: MySQL typecasting
https://notcve.org/view.php?id=CVE-2014-0474
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." Las clases de campo de modelo (1) FilePathField, (2) GenericIPAddressField y (3) IPAddressField en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a1.6.3 y 1.7.x anterior a 1.7 beta 2 no realizan debidamente conversión de tipo, lo que permite a atacantes remotos tener impacto y vectores no especificados, relacionado con "MySQL typecasting." • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://rhn.redhat.com/errata/RHSA-2014-0456.html http://rhn.redhat.com/errata/RHSA-2014-0457.html http://secunia.com/advisories/61281 http://www.debian.org/security/2014/dsa-2934 http://www.ubuntu.com/usn/USN-2169-1 https://www.djangoproject.com/weblog/2014/apr/21/security https://access.redhat.com/security/cve/CVE-2014-0474 https://bugzilla.redhat.com/show_bug.cgi?id=1090593 • CWE-399: Resource Management Errors •
CVE-2013-6044 – python-django: xss in is_safe_url function
https://notcve.org/view.php?id=CVE-2013-6044
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme. La función is_safe_url en utils/http.py de Django 1.4.x anterior a la versión 1.4.6, 1.5.x anterior a la versión 1.5.2, y 1.6 anterior a beta 2 trata un esquema de URL como seguro incluso si no es HTTP o HTTPS, lo que podría permitir XSS u otras vulnerabilidades en aplicaciones Django que usen esta función, como se ha demostrado con "la vista de inicio de sesión en django.contrib.auth.views" y el javascript: scheme. • http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html http://rhn.redhat.com/errata/RHSA-2013-1521.html http://seclists.org/oss-sec/2013/q3/369 http://seclists.org/oss-sec/2013/q3/411 http://secunia.com/advisories/54476 http://www.debian.org/security/2013/dsa-2740 http://www.securityfocus.com/bid/61777 http://www.securitytracker.com/id/1028915 https://exchange.xforce.ibmcloud.com/vulnerabilities/86437 https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1443
https://notcve.org/view.php?id=CVE-2013-1443
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed. El framework de autenticación (django.contrib.auth) en Django 1.4.x anteriores a 1.4.8, 1.5.x anteriores a 1.5.4, y 1.6.x anteriores a 1.6 beta 4 permite a atacantes remotos causar denegación de servicio (consumo de CPU) a través de una contraseña larga al ser luego procesada por una función de resumen (hashed). • http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00035.html http://python.6.x6.nabble.com/Set-a-reasonable-upper-bound-on-password-length-td5032218.html http://www.debian.org/security/2013/dsa-2758 https://www.djangoproject.com/weblog/2013/sep/15/security • CWE-287: Improper Authentication •