FreeBSD : django -- multiple vulnerabilities (f9e6c0d1-e4cc-11e5-b2bd-002590263bf5)

high Nessus Plugin ID 89728

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Tim Graham reports:

Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth

User enumeration through timing difference on password hasher work factor upgrade

Solution

Update the affected packages.

See Also

https://www.djangoproject.com/weblog/2016/mar/01/security-releases/

http://www.nessus.org/u?0934457c

Plugin Details

Severity: High

ID: 89728

File Name: freebsd_pkg_f9e6c0d1e4cc11e5b2bd002590263bf5.nasl

Version: 2.6

Type: local

Published: 3/8/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: High

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py27-django, p-cpe:/a:freebsd:freebsd:py27-django-devel, p-cpe:/a:freebsd:freebsd:py27-django18, p-cpe:/a:freebsd:freebsd:py27-django19, p-cpe:/a:freebsd:freebsd:py32-django, p-cpe:/a:freebsd:freebsd:py32-django-devel, p-cpe:/a:freebsd:freebsd:py32-django18, p-cpe:/a:freebsd:freebsd:py32-django19, p-cpe:/a:freebsd:freebsd:py33-django, p-cpe:/a:freebsd:freebsd:py33-django-devel, p-cpe:/a:freebsd:freebsd:py33-django18, p-cpe:/a:freebsd:freebsd:py33-django19, p-cpe:/a:freebsd:freebsd:py34-django, p-cpe:/a:freebsd:freebsd:py34-django-devel, p-cpe:/a:freebsd:freebsd:py34-django18, p-cpe:/a:freebsd:freebsd:py34-django19, p-cpe:/a:freebsd:freebsd:py35-django, p-cpe:/a:freebsd:freebsd:py35-django-devel, p-cpe:/a:freebsd:freebsd:py35-django18, p-cpe:/a:freebsd:freebsd:py35-django19, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/8/2016

Vulnerability Publication Date: 3/1/2016

Reference Information

CVE: CVE-2016-2512, CVE-2016-2513