Paul Mcmillan

**Nome do Software Vulnerável e Versões Afetadas** Django versões anteriores a 6.0.6 Django versões anteriores a 5.2.15 **Descrição** Um problema existe na função `get signed cookie()` dentro de `django.http.HttpRequest`. A função utiliza uma derivação de salt não injetiva ao concatenar o nome do cookie e o argumento de salt. Isso permite que um invasor remoto utilize um cookie em um contexto diferente daquele em que foi assinado, por meio de pares distintos de `name` e `salt` que produzem a mesma concatenação. **Recomendações** Atualize para a versão 6.0.6 ou posterior. Atualize para a versão 5.2.15 ou posterior.

**Name of the Vulnerable Software and Affected Versions** python-keystoneclient versions 0.2.3 through 0.2.5 **Description** The issue concerns a middleware memcache encryption bypass in the python-keystoneclient. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For python-keystoneclient versions 0.2.3 through 0.2.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** python-keystoneclient versions 0.2.3 through 0.2.5 **Description** The issue concerns a middleware memcache signing bypass in the python-keystoneclient. **Recommendations** For python-keystoneclient versions 0.2.3 through 0.2.5, update to a version outside of the affected range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** noVNC versions prior to 0.5 **Description** The issue concerns the transmission of a cookie in an https session. Specifically, the cookie does not have the secure flag set, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. **Recommendations** For versions prior to 0.5, update to version 0.5 or later to ensure the secure flag is set for cookies in https sessions.

**Name of the Vulnerable Software and Affected Versions** OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 before 2013.2.4 OpenStack Image Registry and Delivery Service (Glance) versions icehouse before icehouse-rc2 **Description** The issue allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location. **Recommendations** For OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 before 2013.2.4, update to version 2013.2.4 or later. For OpenStack Image Registry and Delivery Service (Glance) versions icehouse before icehouse-rc2, update to version icehouse-rc2 or later.

**Name of the Vulnerable Software and Affected Versions** Django versions prior to 1.4.11 Django versions 1.5.x prior to 1.5.6 Django versions 1.6.x prior to 1.6.3 Django versions 1.7.x prior to 1.7 beta 2 **Description** The caching framework in Django reuses a cached CSRF token for all anonymous users. This allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. **Recommendations** For Django versions prior to 1.4.11, update to version 1.4.11 or later. For Django versions 1.5.x prior to 1.5.6, update to version 1.5.6 or later. For Django versions 1.6.x prior to 1.6.3, update to version 1.6.3 or later. For Django versions 1.7.x prior to 1.7 beta 2, update to version 1.7 beta 2 or later.

**Name of the Vulnerable Software and Affected Versions** Django versions prior to 1.2.7 Django versions 1.3.x prior to 1.3.1 **Description** The issue is related to the `verify exists` functionality in the `URLField` implementation, which relies on Python libraries that attempt to access an arbitrary URL with no timeout. This allows remote attackers to cause a denial of service by consuming resources via a URL associated with a slow response, a completed TCP connection with no application data sent, or a large amount of application data. **Recommendations** For Django versions prior to 1.2.7, update to version 1.2.7 or later. For Django versions 1.3.x prior to 1.3.1, update to version 1.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** Django versions 1.1.x through 1.1.3 Django versions 1.2.x through 1.2.4 **Description** A directory traversal issue might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays. **Recommendations** For Django versions 1.1.x through 1.1.3, update to version 1.1.4 or later. For Django versions 1.2.x through 1.2.4, update to version 1.2.5 or later.