Packet Storm

Ubuntu Security Notice USN-2469-1: Posted Jan 14, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2469-1 - Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, remote, denial of service, spoof, xss; systems | linux, ubuntu; advisories | CVE-2015-0219, CVE-2015-0220, CVE-2015-0221, CVE-2015-0222; SHA-256 | cf000da88b9863ec2a0ae7af5936ce03f27fabeb8b4e2e9c8f5f08774d6d8b01; Download | Favorite | View

Related Files

No related files