CVE-2011-0698

Published Feb 14, 2011

Last updated 14 years ago

Overview

Description: Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56846659-96C8-497C-8404-3975E5B6385B"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DAB4639-B81D-412A-A081-EFF46737CA5D"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF068CD9-B33A-4C51-9FBA-CFDAE91E174E"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26D338D9-1504-4933-B833-BD7F1864E89D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD257D91-EF31-4103-9007-944603ABA271"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99387F31-9E04-4A73-A1C6-C05F96A8DB38"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "064C9403-8A43-42C7-A1FD-03CC49A32FB1"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BCDB95B-88F2-466A-A4F9-4C080183E39B"
          },
          {
            "criteria": "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17B99C62-A653-45C1-A061-05A8FAD52107"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References