Ubuntu Update For Python-django Vulnerabilities USN-1066-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-1066-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks. (CVE-2011-0696) It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2011-0697)

Affected

python-django vulnerabilities on Ubuntu 9.10 , Ubuntu 10.04 LTS , Ubuntu 10.10

Severity

Classification

CVE CVE-2011-0696, CVE-2011-0697
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for clamav USN-1482-2
Ubuntu Update for cinder USN-2405-1
Ubuntu Update for bind9 USN-1139-1
Ubuntu Update for backuppc USN-1444-1
Ubuntu Update for cups USN-2172-1

Ubuntu Update for python-django vulnerabilities USN-1066-1

Take action and discover your vulnerabilities