all things security
Showing 1 - 4 of 4 RSS Feed

CVE-2012-4520

Status Candidate

Overview

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

Related Files

Ubuntu Security Notice USN-1757-1
Posted Mar 8, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1757-1 - James Kettle discovered that Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Although this issue had been previously addressed in USN-1632-1, this update adds additional hardening measures to host header validation. This update also adds a new ALLOWED_HOSTS setting that can be set to a list of acceptable values for headers. Orange Tsai discovered that Django incorrectly performed permission checks when displaying the history view in the admin interface. An administrator could use this flaw to view the history of any object, regardless of intended permissions. Various other issues were also addressed.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1665, CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1664, CVE-2013-1665
MD5 | 87e3a12e74a5e44e819568675aa4d16a
Debian Security Advisory 2634-1
Posted Feb 27, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2634-1 - Several vulnerabilities have been discovered in python-django, a high-level python web development framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1665
MD5 | ec59d53a4cee74e8933db14c4354a884
Mandriva Linux Security Advisory 2012-181
Posted Dec 19, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-181 - Multiple host header poisoning flaws were found and fixed in Django. The updated packages have been upgraded to the 1.3.5 version which is not affected by these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-4520
MD5 | 14745dc9de7b6f92549630e1dde0ee9a
Ubuntu Security Notice USN-1632-1
Posted Nov 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1632-1 - James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4520
MD5 | 9bebbd5e8ceb31c6d2a5b2c7a8a71843
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close