RHSA-2014:0457
Vulnerability from csaf_redhat
Published
2014-04-30 19:01
Modified
2024-11-22 07:51
Summary
Red Hat Security Advisory: Django security update
Notes
Topic
Updated Django packages that fix three security issues are now available
for Red Hat Enterprise Linux OpenStack Platform 3.0.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
The Django web framework is used by horizon, the OpenStack Dashboard, which
is a web interface for managing OpenStack services.
A flaw was found in the way Django's reverse() URL resolver function
constructed certain URLs. A remote attacker able to request a specially
crafted view from a Django application could use this flaw to import and
execute arbitrary Python modules on the system under the privileges of the
user running the application. (CVE-2014-0472)
It was found that Django's caching framework reused Cross-Site Request
Forgery (CSRF) nonces for all requests from unauthenticated clients.
A remote attacker could use this flaw to acquire the CSRF token of a
different user and bypass intended CSRF protections in a Django
application. (CVE-2014-0473)
It was discovered that certain Django model field classes did not properly
perform type conversion on their arguments. A remote attacker could use
this flaw to submit a specially crafted SQL query that, when processed by a
Django application using a MySQL database, could have various
application-specific impacts on the MySQL database. (CVE-2014-0474)
Red Hat would like to thank the upstream Django project for reporting this
issue. Upstream acknowledges Benjamin Bach as the original reporter of
CVE-2014-0472, Paul McMillan as the original reporter of CVE-2014-0473, and
the Ruby on Rails team, and specifically Michael Koziarski, as the original
reporters of CVE-2014-0474.
All users of OpenStack Dashboard are advised to upgrade to these updated
packages, which resolve these issues. After installing the updated
packages, the httpd daemon must be restarted ("service httpd restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Django packages that fix three security issues are now available\nfor Red Hat Enterprise Linux OpenStack Platform 3.0.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Django web framework is used by horizon, the OpenStack Dashboard, which\nis a web interface for managing OpenStack services.\n\nA flaw was found in the way Django\u0027s reverse() URL resolver function\nconstructed certain URLs. A remote attacker able to request a specially\ncrafted view from a Django application could use this flaw to import and\nexecute arbitrary Python modules on the system under the privileges of the\nuser running the application. (CVE-2014-0472)\n\nIt was found that Django\u0027s caching framework reused Cross-Site Request\nForgery (CSRF) nonces for all requests from unauthenticated clients.\nA remote attacker could use this flaw to acquire the CSRF token of a\ndifferent user and bypass intended CSRF protections in a Django\napplication. (CVE-2014-0473)\n\nIt was discovered that certain Django model field classes did not properly\nperform type conversion on their arguments. A remote attacker could use\nthis flaw to submit a specially crafted SQL query that, when processed by a\nDjango application using a MySQL database, could have various\napplication-specific impacts on the MySQL database. (CVE-2014-0474)\n\nRed Hat would like to thank the upstream Django project for reporting this\nissue. Upstream acknowledges Benjamin Bach as the original reporter of\nCVE-2014-0472, Paul McMillan as the original reporter of CVE-2014-0473, and\nthe Ruby on Rails team, and specifically Michael Koziarski, as the original\nreporters of CVE-2014-0474.\n\nAll users of OpenStack Dashboard are advised to upgrade to these updated\npackages, which resolve these issues. After installing the updated\npackages, the httpd daemon must be restarted (\"service httpd restart\") for\nthe update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2014:0457",
"url": "https://access.redhat.com/errata/RHSA-2014:0457"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1090588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090588"
},
{
"category": "external",
"summary": "1090592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090592"
},
{
"category": "external",
"summary": "1090593",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090593"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0457.json"
}
],
"title": "Red Hat Security Advisory: Django security update",
"tracking": {
"current_release_date": "2024-11-22T07:51:41+00:00",
"generator": {
"date": "2024-11-22T07:51:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2014:0457",
"initial_release_date": "2014-04-30T19:01:19+00:00",
"revision_history": [
{
"date": "2014-04-30T19:01:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2014-04-30T19:01:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T07:51:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 3.0",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 3.0",
"product_id": "6Server-Grizzly",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:3::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "Django14-doc-0:1.4.11-1.el6ost.noarch",
"product": {
"name": "Django14-doc-0:1.4.11-1.el6ost.noarch",
"product_id": "Django14-doc-0:1.4.11-1.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/Django14-doc@1.4.11-1.el6ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "Django14-0:1.4.11-1.el6ost.noarch",
"product": {
"name": "Django14-0:1.4.11-1.el6ost.noarch",
"product_id": "Django14-0:1.4.11-1.el6ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/Django14@1.4.11-1.el6ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "Django14-0:1.4.11-1.el6ost.src",
"product": {
"name": "Django14-0:1.4.11-1.el6ost.src",
"product_id": "Django14-0:1.4.11-1.el6ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/Django14@1.4.11-1.el6ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "Django14-0:1.4.11-1.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
"product_id": "6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch"
},
"product_reference": "Django14-0:1.4.11-1.el6ost.noarch",
"relates_to_product_reference": "6Server-Grizzly"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "Django14-0:1.4.11-1.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
"product_id": "6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src"
},
"product_reference": "Django14-0:1.4.11-1.el6ost.src",
"relates_to_product_reference": "6Server-Grizzly"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "Django14-doc-0:1.4.11-1.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
"product_id": "6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
},
"product_reference": "Django14-doc-0:1.4.11-1.el6ost.noarch",
"relates_to_product_reference": "6Server-Grizzly"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"upstream Django project"
]
},
{
"names": [
"Benjamin Bach"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0472",
"discovery_date": "2014-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1090588"
}
],
"notes": [
{
"category": "description",
"text": "The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a \"dotted Python path.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: unexpected code execution using reverse()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch",
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src",
"6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0472"
},
{
"category": "external",
"summary": "RHBZ#1090588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090588"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0472",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0472"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0472",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0472"
}
],
"release_date": "2014-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-04-30T19:01:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch",
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src",
"6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch",
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src",
"6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: unexpected code execution using reverse()"
},
{
"acknowledgments": [
{
"names": [
"upstream Django project"
]
},
{
"names": [
"Paul McMillan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2014-0473",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2014-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1090592"
}
],
"notes": [
{
"category": "description",
"text": "The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: caching of anonymous pages could reveal CSRF token",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch",
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src",
"6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0473"
},
{
"category": "external",
"summary": "RHBZ#1090592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0473",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0473"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0473",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0473"
}
],
"release_date": "2014-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-04-30T19:01:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch",
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src",
"6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch",
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src",
"6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: caching of anonymous pages could reveal CSRF token"
},
{
"acknowledgments": [
{
"names": [
"upstream Django project"
]
}
],
"cve": "CVE-2014-0474",
"discovery_date": "2014-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1090593"
}
],
"notes": [
{
"category": "description",
"text": "The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to \"MySQL typecasting.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: MySQL typecasting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch",
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src",
"6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0474"
},
{
"category": "external",
"summary": "RHBZ#1090593",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1090593"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0474",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0474"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0474",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0474"
}
],
"release_date": "2014-04-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2014-04-30T19:01:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
"product_ids": [
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch",
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src",
"6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2014:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.noarch",
"6Server-Grizzly:Django14-0:1.4.11-1.el6ost.src",
"6Server-Grizzly:Django14-doc-0:1.4.11-1.el6ost.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: MySQL typecasting"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.