CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-2513 – python-django: User enumeration through timing difference on password hasher work factor upgrade
https://notcve.org/view.php?id=CVE-2016-2513
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. El hasher de contraseñas en contrib/auth/hashers.py en Django en versiones anteriores a 1.8.10 y 1.9.x en versiones anteriores a 1.9.3 permite a atacantes remotos enumerar usuarios a través de un ataque de sincronización que implica peticiones de login. A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used less hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login requests. • http://rhn.redhat.com/errata/RHSA-2016-0502.html http://rhn.redhat.com/errata/RHSA-2016-0504.html http://rhn.redhat.com/errata/RHSA-2016-0505.html http://rhn.redhat.com/errata/RHSA-2016-0506.html http://www.debian.org/security/2016/dsa-3544 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/83878 http://www.securitytracker.com/id/1035152 http://www.ubuntu.com/usn/USN-2915-1 http://www.ubuntu.com/usn&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2048
https://notcve.org/view.php?id=CVE-2016-2048
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. Django 1.9.x en versiones anteriores a 1.9.2, cuando ModelAdmin.save_as se establece a verdadero, permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y crear objetos ModelAdmin a través de la opción "Save as New" cuando se editan objetos y se aprovecha el permiso "change". • http://www.securityfocus.com/bid/82329 http://www.securitytracker.com/id/1034894 https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8213 – python-django: Information leak through date template filter
https://notcve.org/view.php?id=CVE-2015-8213
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. La función get_format en utils/formats.py en Django en versiones anteriores a 1.7.x en versiones anteriores a 1.7.11, 1.8.x en versiones anteriores a 1.8.7 y 1.9.x en versiones anteriores a 1.9rc2 puede permitir a atacantes remotos obtener secretos sensibles de aplicaciones a través de una clave de ajustes en lugar de un ajuste de formato de fecha/hora, según lo demostrado por SECRET_KEY. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html http://rhn.redhat.com/errata/RHSA-2016-0129.html http://rhn.redhat.com/errata/RHSA-2016-0156.html http://rhn.redhat.com/errata/RHSA-2016-0157.html http://rhn.redhat.com/errata/RHSA-2016-0158.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 2%CPEs: 43EXPL: 0CVE-2015-5963 – python-django: Denial-of-service possibility in logout() view by filling session store
https://notcve.org/view.php?id=CVE-2015-5963
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. Vulnerabilidad en contrib.sessions.middleware.SessionMiddleware en Django 1.8.x en versiones anteriores a 1.8.4, 1.7.x en versiones anteriores a 1.7.10, 1.4.x en versiones anteriores a 1.4.22 y posiblemente otras versiones, permite a atacantes remotos causar una denegación de servicio (consumo de almacén de sesión o eliminación de registro de sesión) a través de un gran número de peticiones a contrib.auth.views.logout, lo que desencadena la creación de un registro de sesión vacío. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html http://rhn.redhat.com/errata/RHSA-2015-1766.html http://rhn.redhat.com/errata/RHSA-2015-1767.html http://rhn.redhat.com/errata/RHSA-2015-1894.html http://www.debian.org/security/2015/dsa-3338 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http: • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.0EPSS: 1%CPEs: 43EXPL: 0CVE-2015-5964 – python-django: Denial-of-service possibility in logout() view by filling session store
https://notcve.org/view.php?id=CVE-2015-5964
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors. Vulnerabilidad en las funciones (1) contrib.sessions.backends.base.SessionBase.flush y (2) cache_db.SessionStore.flush en Django 1.7.x en versiones anteriores a 1.7.10, 1.4.x en versiones anteriores a 1.4.22 y posiblemente en otras versiones, crea sesiones vacías en ciertas circunstancias, que permite a atacantes remotos causar una denegación de servicio (consumo de almacén de sesión) a través de vectores no especificados. It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html http://rhn.redhat.com/errata/RHSA-2015-1766.html http://rhn.redhat.com/errata/RHSA-2015-1767.html http://rhn.redhat.com/errata/RHSA-2015-1894.html http://www.debian.org/security/2015/dsa-3338 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/76440 http://www.securitytracker.com/id/1033318 http://www.ubuntu.com/usn/USN-2720-1 https: • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •