ID de Prueba:	1.3.6.1.4.1.25623.1.0.69056
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:031 (python-django)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to python-django announced via advisory MDVSA-2011:031. Multiple vulnerabilities has been found and corrected in python-django: Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a combination of browser plugins and redirects, a related issue to CVE-2011-0447 (CVE-2011-0696). Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload (CVE-2011-0697). Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays (CVE-2011-0698). The updated packages have been upgraded to the 1.1.4 version which is not vulnerable to these issues. Affected: 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:031 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0447 BugTraq ID: 46291 http://www.securityfocus.com/bid/46291 Debian Security Information: DSA-2247 (Google Search) http://www.debian.org/security/2011/dsa-2247 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain http://www.securitytracker.com/id?1025060 http://secunia.com/advisories/43274 http://secunia.com/advisories/43666 http://www.vupen.com/english/advisories/2011/0587 http://www.vupen.com/english/advisories/2011/0877 Common Vulnerability Exposure (CVE) ID: CVE-2011-0696 43230 http://secunia.com/advisories/43230 43297 http://secunia.com/advisories/43297 43382 http://secunia.com/advisories/43382 43426 http://secunia.com/advisories/43426 46296 http://www.securityfocus.com/bid/46296 ADV-2011-0372 http://www.vupen.com/english/advisories/2011/0372 ADV-2011-0388 http://www.vupen.com/english/advisories/2011/0388 ADV-2011-0429 http://www.vupen.com/english/advisories/2011/0429 ADV-2011-0439 http://www.vupen.com/english/advisories/2011/0439 ADV-2011-0441 http://www.vupen.com/english/advisories/2011/0441 DSA-2163 http://www.debian.org/security/2011/dsa-2163 FEDORA-2011-1235 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html FEDORA-2011-1261 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html MDVSA-2011:031 http://www.mandriva.com/security/advisories?name=MDVSA-2011:031 USN-1066-1 http://www.ubuntu.com/usn/USN-1066-1 [oss-security] 20110209 Django multiple flaws (CVEs inside) http://openwall.com/lists/oss-security/2011/02/09/6 http://www.djangoproject.com/weblog/2011/feb/08/security/ https://bugzilla.redhat.com/show_bug.cgi?id=676357 Common Vulnerability Exposure (CVE) ID: CVE-2011-0697 https://bugzilla.redhat.com/show_bug.cgi?id=676359 Common Vulnerability Exposure (CVE) ID: CVE-2011-0698 BugTraq ID: 46296
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.