CVE-2011-0698
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
14/02/2011
Last modified:
11/04/2025
Description
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://openwall.com/lists/oss-security/2011/02/09/6
- http://secunia.com/advisories/43230
- http://www.djangoproject.com/weblog/2011/feb/08/security/
- http://www.mandriva.com/security/advisories?name=MDVSA-2011%3A031
- http://www.securityfocus.com/bid/46296
- http://www.vupen.com/english/advisories/2011/0372
- http://www.vupen.com/english/advisories/2011/0439
- http://openwall.com/lists/oss-security/2011/02/09/6
- http://secunia.com/advisories/43230
- http://www.djangoproject.com/weblog/2011/feb/08/security/
- http://www.mandriva.com/security/advisories?name=MDVSA-2011%3A031
- http://www.securityfocus.com/bid/46296
- http://www.vupen.com/english/advisories/2011/0372
- http://www.vupen.com/english/advisories/2011/0439