Django Directory Traversal Vulnerability (Linux) Network Vulnerability

Summary

This host has Django installed and is prone to Directory Traversal Vulnerability.

Impact

Successful exploitation will let the attacker launch directory traversal attack and read arbitrary files via crafted URLs. Impact Level: Application

Solution

Upgrade to Django 0.96.4 or 1.0.3 later. http://www.djangoproject.com/download/

Insight

Admin media handler in core/servers/basehttp.py does not properly map URL requests to expected 'static media files,' caused via a carefully-crafted URL whcih can cause the development server to serve any file to which it has read access.

Affected

Django 0.96 before 0.96.4 and 1.0 before 1.0.3 on Linux

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539134
http://secunia.com/advisories/36137
http://www.djangoproject.com/weblog/2009/jul/28/security/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2659
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache mod_proxy_ajp Information Disclosure Vulnerability
Apache Archiva Multiple Vulnerabilities
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Apache Solr Directory Traversal Vulnerability Jan-14

Take action and discover your vulnerabilities