CVE-2013-6044 – python-django: xss in is_safe_url function
https://notcve.org/view.php?id=CVE-2013-6044
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme. La función is_safe_url en utils/http.py de Django 1.4.x anterior a la versión 1.4.6, 1.5.x anterior a la versión 1.5.2, y 1.6 anterior a beta 2 trata un esquema de URL como seguro incluso si no es HTTP o HTTPS, lo que podría permitir XSS u otras vulnerabilidades en aplicaciones Django que usen esta función, como se ha demostrado con "la vista de inicio de sesión en django.contrib.auth.views" y el javascript: scheme. • http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html http://rhn.redhat.com/errata/RHSA-2013-1521.html http://seclists.org/oss-sec/2013/q3/369 http://seclists.org/oss-sec/2013/q3/411 http://secunia.com/advisories/54476 http://www.debian.org/security/2013/dsa-2740 http://www.securityfocus.com/bid/61777 http://www.securitytracker.com/id/1028915 https://exchange.xforce.ibmcloud.com/vulnerabilities/86437 https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1443
https://notcve.org/view.php?id=CVE-2013-1443
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed. El framework de autenticación (django.contrib.auth) en Django 1.4.x anteriores a 1.4.8, 1.5.x anteriores a 1.5.4, y 1.6.x anteriores a 1.6 beta 4 permite a atacantes remotos causar denegación de servicio (consumo de CPU) a través de una contraseña larga al ser luego procesada por una función de resumen (hashed). • http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00035.html http://python.6.x6.nabble.com/Set-a-reasonable-upper-bound-on-password-length-td5032218.html http://www.debian.org/security/2013/dsa-2758 https://www.djangoproject.com/weblog/2013/sep/15/security • CWE-287: Improper Authentication •
CVE-2013-4315 – python-django: directory traversal with "ssi" template tag
https://notcve.org/view.php?id=CVE-2013-4315
Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag. Vulnerabilidad de recorrido de directorios en Django 1.4.x anterior a 1.4.7, 1.5.x anterior a 1.5.3, y 1.6.x anterior a 1.6 beta 3 permite a atacantes remotos leer ficheros arbitrarios a través de una ruta de fichero en la opción ALLOWED_INCLUDE_ROOTS en una etiqueta de plantilla ssi • http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html http://rhn.redhat.com/errata/RHSA-2013-1521.html http://secunia.com/advisories/54772 http://secunia.com/advisories/54828 http://www.debian.org/security/2013/dsa-2755 https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued https://access.redhat.com/security/cve/CVE-2013-4315 https://bugzilla.redhat.com/show_bug.cgi?id=1004969 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-0306 – Django: Formset denial-of-service
https://notcve.org/view.php?id=CVE-2013-0306
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter. Vulnerabilidad sin especificar en el formulario "library" en Django v1.3.x antes de v1.3.6, v1.4.x antes de v1.4.4, v1.5 antes de release candidate v2 permite a atacantes remotos evitar las restricciones de los recursos y causar una denegación de servicios (consumo de memoria) o disparar errores del servidor a través de un parámetro max_num modificado. • http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.debian.org/security/2013/dsa-2634 https://www.djangoproject.com/weblog/2013/feb/19/security https://access.redhat.com/security/cve/CVE-2013-0306 https://bugzilla.redhat.com/show_bug.cgi?id=913042 • CWE-189: Numeric Errors •
CVE-2013-0305 – Django: Data leakage via admin history log
https://notcve.org/view.php?id=CVE-2013-0305
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information. La interfaz administrativa para Django v1.3.x antes de v1.3.6, v1.4.x antes de v1.4.4, y v1.5 antes de la release candidate v2 no comprueba los permisos para la vista del historial, que permite a usuarios administradores autenticados obtener información del historial. • http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.debian.org/security/2013/dsa-2634 https://www.djangoproject.com/weblog/2013/feb/19/security https://access.redhat.com/security/cve/CVE-2013-0305 https://bugzilla.redhat.com/show_bug.cgi?id=913041 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •