CVE-2011-0698

Published: Feb 14, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

ADV-2011-0439

vdb-entry

x_refsource_VUPEN

[oss-security] 20110209 Django multiple flaws (CVEs inside)

mailing-list

x_refsource_MLIST

43230

third-party-advisory

x_refsource_SECUNIA

ADV-2011-0372

vdb-entry

x_refsource_VUPEN

46296

vdb-entry

x_refsource_BID

MDVSA-2011:031

vendor-advisory

x_refsource_MANDRIVA

http://www.djangoproject.com/weblog/2011/feb/08/security/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-0698

Description

Affected Products

References