Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-3442
Last Modified 10 Apr 2013 11:29:59
Published 31 Jul 2012 01:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3442

Summary

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.

Vulnerable Systems

Application

  • Djangoproject Django 0.95
  • Djangoproject Django 0.96
  • Djangoproject Django 1.0
  • Djangoproject Django 1.0.1
  • Djangoproject Django 1.0.2
  • Djangoproject Django 1.1
  • Djangoproject Django 1.1.2
  • Djangoproject Django 1.1.3
  • Djangoproject Django 1.1.4
  • Djangoproject Django 1.2
  • Djangoproject Django 1.2-alpha1
  • Djangoproject Django 1.2.2
  • Djangoproject Django 1.2.4
  • Djangoproject Django 1.2.5
  • Djangoproject Django 1.2.6
  • Djangoproject Django 1.2.7
  • Djangoproject Django 1.3
  • Djangoproject Django 1.4

References

CONFIRM - https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
MLIST - [oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues
MLIST - [oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues
UBUNTU - USN-1560-1
DEBIAN - DSA-2529
MANDRIVA - MDVSA-2012:143

Last Updated: 27 May 2016 10:55:01