Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1066-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks.
(CVE-2011-0696)
It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2011-0697)
Affected
python-django vulnerabilities on Ubuntu 9.10 ,
Ubuntu 10.04 LTS ,
Ubuntu 10.10
Severity
Classification
-
CVE CVE-2011-0696, CVE-2011-0697 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities