RHEL 6 : python-django-horizon (RHSA-2012:1380)

medium Nessus Plugin ID 193675

Synopsis

The remote Red Hat host is missing a security update for python-django-horizon.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1380 advisory.

Horizon is the OpenStack Dashboard (http://www.openstack.org), a web interface for managing OpenStack services.

An open redirect flaw was found in the way Horizon handled authentication.
A remote attacker able to trick a victim into opening the Horizon login page using a specially-crafted link could redirect the victim to an arbitrary web page, and conduct phishing attacks, after the victim successfully logs in. (CVE-2012-3540)

Red Hat would like to thank Thomas Biege of SUSE for reporting this issue.

All users of Horizon are advised to upgrade to these updated packages, which correct this issue. After installing the updated packages, the httpd daemon must be restarted (service httpd restart) for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL python-django-horizon package based on the guidance in RHSA-2012:1380.

See Also

https://access.redhat.com/security/updates/classification/#low

https://bugzilla.redhat.com/show_bug.cgi?id=852246

http://www.nessus.org/u?fa483caf

https://access.redhat.com/errata/RHSA-2012:1380

Plugin Details

Severity: Medium

ID: 193675

File Name: redhat-RHSA-2012-1380.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/21/2024

Updated: 11/4/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2012-3540

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:python-django-horizon-doc, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:openstack-dashboard, p-cpe:/a:redhat:enterprise_linux:python-django-horizon

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/16/2012

Vulnerability Publication Date: 8/30/2012

Reference Information

CVE: CVE-2012-3540

RHSA: 2012:1380