CVE-2011-0698 - OpenCVE

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Djangoproject	Django
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:djangoproject:django:1.1:::::::*
	cpe:2.3:a:djangoproject:django:1.1.0:::::::*
	cpe:2.3:a:djangoproject:django:1.1.2:::::::*
	cpe:2.3:a:djangoproject:django:1.1.3:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:djangoproject:django:1.2:::::::*
	cpe:2.3:a:djangoproject:django:1.2.1:::::::*
	cpe:2.3:a:djangoproject:django:1.2.2:::::::*
	cpe:2.3:a:djangoproject:django:1.2.3:::::::*
	cpe:2.3:a:djangoproject:django:1.2.4:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://openwall.com/lists/oss-security/2011/02/09/6
http://secunia.com/advisories/43230
http://www.djangoproject.com/weblog/2011/feb/08/security/
http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
http://www.securityfocus.com/bid/46296
http://www.vupen.com/english/advisories/2011/0372
http://www.vupen.com/english/advisories/2011/0439

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-02-14T20:00:00

Updated: 2024-08-06T21:58:26.134Z

Reserved: 2011-01-31T00:00:00

Link: CVE-2011-0698

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-02-14T21:00:03.320

Modified: 2011-02-23T06:48:28.283

Link: CVE-2011-0698

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-08T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-02-23T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2011-0439", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0439"}, {"name": "[oss-security] 20110209 Django multiple flaws (CVEs inside)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/09/6"}, {"name": "43230", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43230"}, {"name": "ADV-2011-0372", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0372"}, {"name": "46296", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46296"}, {"name": "MDVSA-2011:031", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:031"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.djangoproject.com/weblog/2011/feb/08/security/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-0698", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2011-0439", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0439"}, {"name": "[oss-security] 20110209 Django multiple flaws (CVEs inside)", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/09/6"}, {"name": "43230", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43230"}, {"name": "ADV-2011-0372", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0372"}, {"name": "46296", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46296"}, {"name": "MDVSA-2011:031", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:031"}, {"name": "http://www.djangoproject.com/weblog/2011/feb/08/security/", "refsource": "CONFIRM", "url": "http://www.djangoproject.com/weblog/2011/feb/08/security/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:58:26.134Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2011-0439", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0439"}, {"name": "[oss-security] 20110209 Django multiple flaws (CVEs inside)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/09/6"}, {"name": "43230", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43230"}, {"name": "ADV-2011-0372", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0372"}, {"name": "46296", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46296"}, {"name": "MDVSA-2011:031", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:031"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.djangoproject.com/weblog/2011/feb/08/security/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0698", "datePublished": "2011-02-14T20:00:00", "dateReserved": "2011-01-31T00:00:00", "dateUpdated": "2024-08-06T21:58:26.134Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "56846659-96C8-497C-8404-3975E5B6385B", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DAB4639-B81D-412A-A081-EFF46737CA5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF068CD9-B33A-4C51-9FBA-CFDAE91E174E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "26D338D9-1504-4933-B833-BD7F1864E89D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD257D91-EF31-4103-9007-944603ABA271", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "99387F31-9E04-4A73-A1C6-C05F96A8DB38", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "064C9403-8A43-42C7-A1FD-03CC49A32FB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "5BCDB95B-88F2-466A-A4F9-4C080183E39B", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "17B99C62-A653-45C1-A061-05A8FAD52107", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Django v1.1.x antes de v1.1.4 y v1.2.x antes de v1.2.5 en Windows, cuando est\u00e1 habilitado permite a atacantes remotos incluir y ejecutar ficheros locales de su elecci\u00f3n al utilizar caracteres /(barra) en la llave de una cookie de sesi\u00f3n , relacionada con la repetici\u00f3n de sesiones.\r\n"}], "id": "CVE-2011-0698", "lastModified": "2011-02-23T06:48:28.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-02-14T21:00:03.320", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/02/09/6"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43230"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.djangoproject.com/weblog/2011/feb/08/security/"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:031"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/46296"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0372"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0439"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}