Описание
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.1-1 |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needed |
| jaunty | released | 1.0.2-1ubuntu0.1 |
| karmic | not-affected | 1.1-1 |
| lucid | not-affected | 1.1-1 |
| maverick | not-affected | 1.1-1 |
| natty | not-affected | 1.1-1 |
| oneiric | not-affected | 1.1-1 |
Показывать по
Ссылки на источники
5 Medium
CVSS2
Связанные уязвимости
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.
The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...
Django Admin Media Handler Vulnerable to Directory Traversal
5 Medium
CVSS2