Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2659

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-2659
Last Modified 12 Aug 2009 01:30:38
Published 04 Aug 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2659

Summary

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.

Vulnerable Systems

Application

  • Django Project Django 0.96

  • Django Project Django 1.0


References

CONFIRM - http://www.djangoproject.com/weblog/2009/jul/28/security/

FEDORA - FEDORA-2009-8177

FEDORA - FEDORA-2009-8169

BID - 35859

MLIST - [oss-security] 20090729 CVE Request (django)

SECUNIA - 36153

SECUNIA - 36137

CONFIRM - http://code.djangoproject.com/changeset/11353

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539134


Last Updated: 27 May 2016 10:50:59