CVE-2009-2659

Name of the Vulnerable Software and Affected Versions Django versions 0.96 through 1.0

Description The issue arises from the Admin media handler in core/servers/basehttp.py, which fails to properly map URL requests to expected static media files. This allows remote attackers to conduct directory traversal attacks, enabling them to read arbitrary files via a crafted URL.

Recommendations For Django versions 0.96 through 1.0, consider restricting access to the Admin media handler until a proper fix is applied, focusing on securing the core/servers/basehttp.py module to prevent directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.