FreeBSD : django -- multiple vulnerabilities (3c5579f7-294a-11e4-99f6-00e0814cab4e)

medium Nessus Plugin ID 77315

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Django project reports:

These releases address an issue with reverse() generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. We encourage all users of Django to upgrade as soon as possible.

Solution

Update the affected packages.

See Also

https://www.djangoproject.com/weblog/2014/aug/20/security/

http://www.nessus.org/u?69c5935d

Plugin Details

Severity: Medium

ID: 77315

File Name: freebsd_pkg_3c5579f7294a11e499f600e0814cab4e.nasl

Version: 1.5

Type: local

Published: 8/22/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py27-django14, p-cpe:/a:freebsd:freebsd:py27-django15, p-cpe:/a:freebsd:freebsd:py32-django, p-cpe:/a:freebsd:freebsd:py32-django-devel, p-cpe:/a:freebsd:freebsd:py32-django15, p-cpe:/a:freebsd:freebsd:py33-django, p-cpe:/a:freebsd:freebsd:py33-django-devel, p-cpe:/a:freebsd:freebsd:py33-django15, p-cpe:/a:freebsd:freebsd:py34-django, p-cpe:/a:freebsd:freebsd:py34-django-devel, p-cpe:/a:freebsd:freebsd:py34-django15, p-cpe:/a:freebsd:freebsd:py27-django, p-cpe:/a:freebsd:freebsd:py27-django-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/21/2014

Vulnerability Publication Date: 8/20/2014

Reference Information

CVE: CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483