ID de Prueba:	1.3.6.1.4.1.25623.1.0.66024
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:275 (python-django)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to python-django announced via advisory MDVSA-2009:275. A vulnerability has been found and corrected in python-django: The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected static media files, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL (CVE-2009-2659). The versions of Django shipping with Mandriva Linux have been updated to the latest patched version that include the fix for this issue. In addition, they provide other bug fixes. Affected: 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:275 http://www.djangoproject.com/weblog/2009/jul/28/security/ CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2659 BugTraq ID: 35859 http://www.securityfocus.com/bid/35859 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00055.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00069.html http://www.openwall.com/lists/oss-security/2009/07/29/2 http://secunia.com/advisories/36137 http://secunia.com/advisories/36153
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.