Vulnerabilities > CVE-2014-0474 - Resource Management Errors vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2014-5475.NASL description update to 1.4.11 fixing CVE-2014-0473 and CVE-2014-0474 Parallel installable version based on Toshio Kuratomis contribution Fixed bash completion issue Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-05-02 plugin id 73808 published 2014-05-02 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73808 title Fedora 20 : python-django14-1.4.11-1.fc20 (2014-5475) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-5475. # include("compat.inc"); if (description) { script_id(73808); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_xref(name:"FEDORA", value:"2014-5475"); script_name(english:"Fedora 20 : python-django14-1.4.11-1.fc20 (2014-5475)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "update to 1.4.11 fixing CVE-2014-0473 and CVE-2014-0474 Parallel installable version based on Toshio Kuratomis contribution Fixed bash completion issue Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132369.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a9e348a5" ); script_set_attribute( attribute:"solution", value:"Update the affected python-django14 package." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-django14"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"python-django14-1.4.11-1.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-django14"); }NASL family Fedora Local Security Checks NASL id FEDORA_2014-5562.NASL description update to 1.5.6 fixing CVE-2014-0473 and CVE-2014-0474 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-05-03 plugin id 73845 published 2014-05-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73845 title Fedora 19 : python-django-1.5.6-1.fc19 (2014-5562) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-5562. # include("compat.inc"); if (description) { script_id(73845); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_bugtraq_id(67038, 67040); script_xref(name:"FEDORA", value:"2014-5562"); script_name(english:"Fedora 19 : python-django-1.5.6-1.fc19 (2014-5562)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "update to 1.5.6 fixing CVE-2014-0473 and CVE-2014-0474 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1027766" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132461.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2a7ecb18" ); script_set_attribute( attribute:"solution", value:"Update the affected python-django package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-django"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"python-django-1.5.6-1.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-django"); }NASL family Solaris Local Security Checks NASL id SOLARIS11_DJANGO_20140731.NASL description The remote Solaris system is missing necessary patches to address security updates : - The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a last seen 2020-06-01 modified 2020-06-02 plugin id 80600 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80600 title Oracle Solaris Third-Party Patch Update : django (multiple_vulnerabilities_in_django) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80600); script_version("1.3"); script_cvs_date("Date: 2018/11/15 20:50:25"); script_cve_id("CVE-2014-0472", "CVE-2014-0473", "CVE-2014-0474"); script_name(english:"Oracle Solaris Third-Party Patch Update : django (multiple_vulnerabilities_in_django)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a 'dotted Python path.' (CVE-2014-0472) - The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. (CVE-2014-0473) - The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to 'MySQL typecasting.' (CVE-2014-0474)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-django script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d3dc731d" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.2."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:django"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^django$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "django"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.2.0.0.0.0", sru:"11.2 SRU 0") > 0) flag++; if (flag) { set_kb_item(name:'www/0/XSRF', value:TRUE); error_extra = 'Affected package : django\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "django");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2169-2.NASL description USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. (CVE-2014-0472) Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. An attacker could possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions. (CVE-2014-0473) Michael Koziarski discovered that Django did not always perform explicit conversion of certain fields when using a MySQL database. An attacker could possibly use this issue to obtain unexpected results. (CVE-2014-0474). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 73666 published 2014-04-23 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73666 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : python-django regression (USN-2169-2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2169-2. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(73666); script_version("1.6"); script_cvs_date("Date: 2019/09/19 12:54:30"); script_cve_id("CVE-2014-0472", "CVE-2014-0473", "CVE-2014-0474"); script_xref(name:"USN", value:"2169-2"); script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : python-django regression (USN-2169-2)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. (CVE-2014-0472) Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. An attacker could possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions. (CVE-2014-0473) Michael Koziarski discovered that Django did not always perform explicit conversion of certain fields when using a MySQL database. An attacker could possibly use this issue to obtain unexpected results. (CVE-2014-0474). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2169-2/" ); script_set_attribute( attribute:"solution", value:"Update the affected python-django package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-django"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/23"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04|12\.04|12\.10|13\.10|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 12.10 / 13.10 / 14.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"python-django", pkgver:"1.1.1-2ubuntu1.11")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"python-django", pkgver:"1.3.1-4ubuntu1.10")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"python-django", pkgver:"1.4.1-2ubuntu0.6")) flag++; if (ubuntu_check(osver:"13.10", pkgname:"python-django", pkgver:"1.5.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"python-django", pkgver:"1.6.1-2ubuntu0.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-django"); }NASL family Fedora Local Security Checks NASL id FEDORA_2014-5486.NASL description update to 1.5.6 fixing CVE-2014-0473 and CVE-2014-0474 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-05-02 plugin id 73809 published 2014-05-02 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73809 title Fedora 20 : python-django15-1.5.6-1.fc20 (2014-5486) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-5486. # include("compat.inc"); if (description) { script_id(73809); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_xref(name:"FEDORA", value:"2014-5486"); script_name(english:"Fedora 20 : python-django15-1.5.6-1.fc20 (2014-5486)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "update to 1.5.6 fixing CVE-2014-0473 and CVE-2014-0474 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132322.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f8eb22f3" ); script_set_attribute( attribute:"solution", value:"Update the affected python-django15 package." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-django15"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"python-django15-1.5.6-1.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-django15"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2934.NASL description Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-0472 Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() URL resolver function. An attacker able to request a specially crafted view from a Django application could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. - CVE-2014-0473 Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. A remote attacker could use this flaw to acquire the CSRF token of a different user and bypass intended CSRF protections in a Django application. - CVE-2014-0474 Michael Koziarski discovered that certain Django model field classes did not properly perform type conversion on their arguments, which allows remote attackers to obtain unexpected results. - CVE-2014-1418 Michael Nelson, Natalia Bidart and James Westby discovered that cached data in Django could be served to a different session, or to a user with no session at all. An attacker may use this to retrieve private data or poison caches. - CVE-2014-3730 Peter Kuma and Gavin Wahl discovered that Django incorrectly validated certain malformed URLs from user input. An attacker may use this to cause unexpected redirects. last seen 2020-03-17 modified 2014-05-20 plugin id 74097 published 2014-05-20 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74097 title Debian DSA-2934-1 : python-django - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-542.NASL description Python Django was updated to fix security issues and bugs. Update to version 1.4.15 on openSUSE 12.3 : + Prevented reverse() from generating URLs pointing to other hosts to prevent phishing attacks (bnc#893087, CVE-2014-0480) + Removed O(n) algorithm when uploading duplicate file names to fix file upload denial of service (bnc#893088, CVE-2014-0481) + Modified RemoteUserMiddleware to logout on REMOTE_USE change to prevent session hijacking (bnc#893089, CVE-2014-0482) + Prevented data leakage in contrib.admin via query string manipulation (bnc#893090, CVE-2014-0483) + Fixed: Caches may incorrectly be allowed to store and serve private data (bnc#877993, CVE-2014-1418) + Fixed: Malformed redirect URLs from user input not correctly validated (bnc#878641, CVE-2014-3730) + Fixed queries that may return unexpected results on MySQL due to typecasting (bnc#874956, CVE-2014-0474) + Prevented leaking the CSRF token through caching (bnc#874955, CVE-2014-0473) + Fixed a remote code execution vulnerability in URL reversing (bnc#874950, CVE-2014-0472) Update to version 1.5.10 on openSUSE 13.1 : + Prevented reverse() from generating URLs pointing to other hosts to prevent phishing attacks (bnc#893087, CVE-2014-0480) + Removed O(n) algorithm when uploading duplicate file names to fix file upload denial of service (bnc#893088, CVE-2014-0481) + Modified RemoteUserMiddleware to logout on REMOTE_USE change to prevent session hijacking (bnc#893089, CVE-2014-0482) + Prevented data leakage in contrib.admin via query string manipulation (bnc#893090, CVE-2014-0483) - Update to version 1.5.8 : + Fixed: Caches may incorrectly be allowed to store and serve private data (bnc#877993, CVE-2014-1418) + Fixed: Malformed redirect URLs from user input not correctly validated (bnc#878641, CVE-2014-3730) + Fixed queries that may return unexpected results on MySQL due to typecasting (bnc#874956, CVE-2014-0474) + Prevented leaking the CSRF token through caching (bnc#874955, CVE-2014-0473) + Fixed a remote code execution vulnerability in URL reversing (bnc#874950, CVE-2014-0472) last seen 2020-06-05 modified 2014-09-17 plugin id 77718 published 2014-09-17 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77718 title openSUSE Security Update : python-django (openSUSE-SU-2014:1132-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2169-1.NASL description Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. (CVE-2014-0472) Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. An attacker could possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions. (CVE-2014-0473) Michael Koziarski discovered that Django did not always perform explicit conversion of certain fields when using a MySQL database. An attacker could possibly use this issue to obtain unexpected results. (CVE-2014-0474). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 73665 published 2014-04-23 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73665 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : python-django vulnerabilities (USN-2169-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_59E72DB2CAE611E3842000E0814CAB4E.NASL description The Django project reports : These releases address an unexpected code-execution issue, a caching issue which can expose CSRF tokens and a MySQL typecasting issue. While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and upgrade as soon as possible. last seen 2020-06-01 modified 2020-06-02 plugin id 73676 published 2014-04-24 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73676 title FreeBSD : django -- multiple vulnerabilities (59e72db2-cae6-11e3-8420-00e0814cab4e) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-113.NASL description Multiple vulnerabilities has been discovered and corrected in python-django : Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers (CVE-2014-1418). The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by http:\djangoproject.com. (CVE-2014-3730). The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a dotted Python path. (CVE-2014-0472). The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users (CVE-2014-0473). The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to MySQL typecasting. (CVE-2014-0474). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 74446 published 2014-06-11 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74446 title Mandriva Linux Security Advisory : python-django (MDVSA-2014:113) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-26.NASL description The remote host is affected by the vulnerability described in GLSA-201406-26 (Django: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute code with the privileges of the process, modify SQL queries, or disclose sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76270 published 2014-06-27 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76270 title GLSA-201406-26 : Django: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2014-5503.NASL description update to 1.6.3 fixing CVE-2014-0473 and CVE-2014-0474 update to 1.6.2 (rhbz#1027766) Please note, it is required to update python-django and python3-django as well in one transaction. yum update or dnf update will do that for you. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-05-02 plugin id 73812 published 2014-05-02 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73812 title Fedora 20 : python-django-1.6.3-1.fc20 (2014-5503)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- https://www.djangoproject.com/weblog/2014/apr/21/security/
- http://www.ubuntu.com/usn/USN-2169-1
- http://rhn.redhat.com/errata/RHSA-2014-0457.html
- http://www.debian.org/security/2014/dsa-2934
- http://rhn.redhat.com/errata/RHSA-2014-0456.html
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
- http://secunia.com/advisories/61281