Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.840830 |
Kategorie: | Ubuntu Local Security Checks |
Titel: | Ubuntu Update for python-django USN-1297-1 |
Zusammenfassung: | Ubuntu Update for Linux kernel vulnerabilities USN-1297-1 |
Beschreibung: | Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1297-1 Vulnerability Insight: Pall McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. (CVE-2011-4136) Paul McMillan discovered that Django would not timeout on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of service via resource exhaustion. (CVE-2011-4137) Paul McMillan discovered that while Django would check the validity of a URL via a HEAD request, it would instead use a GET request for the target of a redirect. This could potentially be used to trigger arbitrary GET requests via a crafted Location header. (CVE-2011-4138) It was discovered that Django would sometimes use a request's HTTP Host header to construct a full URL. A remote attacker could exploit this to conduct host header cache poisoning attacks via a crafted request. (CVE-2011-4139) Affected Software/OS: python-django on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-4136 Debian Security Information: DSA-2332 (Google Search) http://www.debian.org/security/2011/dsa-2332 http://openwall.com/lists/oss-security/2011/09/11/1 http://openwall.com/lists/oss-security/2011/09/13/2 http://secunia.com/advisories/46614 SuSE Security Announcement: openSUSE-SU-2012:0653 (Google Search) https://hermes.opensuse.org/messages/14700881 Common Vulnerability Exposure (CVE) ID: CVE-2011-4137 http://openwall.com/lists/oss-security/2011/09/15/5 Common Vulnerability Exposure (CVE) ID: CVE-2011-4138 Common Vulnerability Exposure (CVE) ID: CVE-2011-4139 |
Copyright | Copyright (c) 2011 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |