Cisco Bug: CSCuo36090 - CUCDM: Django Vulnerabilities

Last Modified

Dec 29, 2019

Products (1)

  • Cisco Hosted Collaboration Solution (HCS)

Known Affected Releases

4.4(3)

Description (partial)

Symptom:
Cisco Unified Communications Domain Manager includes a version of the Django framework that is affected by the
vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2012-3443: The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before
1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a
denial of service (memory consumption) by uploading an image file. This has been classified by the vendor as
having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2012-3444: The get_image_dimensions function in the image-handling functionality in Django before 1.3.2
and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote
attackers to cause a denial of service (process or thread consumption) via a large TIFF image. This has been
classified by the vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2012-4520: The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before
1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host
header values. This has been classified by the vendor as having a CVSSv2 score of 6.4
(AV:N/AC:L/AU:N/C:P/I:P/A:N)

CVE-2013-0305: The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before
release candidate 2 does not check permissions for the history view, which allows remote authenticated
administrators to obtain sensitive object history information. This has been classified by the vendor as
having a CVSSv2 score of 4.0 (AV:N/AC:L/AU:S/C:P/I:N/A:N)

CVE-2013-0306: The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release
candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of
service (memory consumption) or trigger server errors via a modified max_num parameter. This has been
classified by the vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2013-1443: The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before
1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via
a long password which is then hashed. This has been classified by the vendor as having a CVSSv2 score of 5.0
(AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2013-4315: Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x
before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS
setting followed by a .. (dot dot) in a ssi template tag. This has been classified by the vendor as having a
CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)

CVE-2013-6044: The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and
1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce
cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as
demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme. This has been
classified by the vendor as having a CVSSv2 score of 4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)
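To make the CVE-2013-6044 weakness concrete from the defender's side, the following added example (not Cisco's or Django's own code) places a redirect-target check with the described pre-fix logic, which validates only the host, beside a hardened version that also restricts the scheme to http and https. The host name app.example and the candidate URLs are constructed sample values.

```python
from urllib.parse import urlparse

# Allow-list of schemes acceptable for a post-login redirect target.
# Anything else (javascript:, data:, ftp:, ...) is rejected outright.
SAFE_SCHEMES = frozenset({"http", "https"})


def is_safe_redirect_pre_fix(url: str, host: str) -> bool:
    """The weaker check as described for CVE-2013-6044: the host is
    validated but the scheme is not, so a scheme-only URL such as
    "javascript:..." (which has an empty netloc) passes as 'safe'."""
    if not url:
        return False
    parts = urlparse(url)
    return not parts.netloc or parts.netloc == host


def is_safe_redirect(url: str, host: str) -> bool:
    """Hardened check: accept only a relative path, or an absolute URL
    whose netloc is exactly our own host AND whose scheme is empty or
    in SAFE_SCHEMES. Illustration modelled on the described fix; not
    Django's own implementation."""
    if not url:
        return False
    parts = urlparse(url)
    # A netloc is only acceptable if it is exactly our own host; this also
    # rejects protocol-relative targets such as "//evil.example/x".
    if parts.netloc and parts.netloc != host:
        return False
    # urlparse() lower-cases the scheme, so "JavaScript:" is caught too.
    if parts.scheme and parts.scheme not in SAFE_SCHEMES:
        return False
    return True


def choose_redirect(next_param: str, host: str, fallback: str = "/") -> str:
    """Resolve a user-supplied ``next`` value to a destination, falling
    back to a fixed in-application path when the value is not safe."""
    return next_param if is_safe_redirect(next_param, host) else fallback


if __name__ == "__main__":
    host = "app.example"  # constructed sample host
    candidates = [
        "/accounts/profile/",
        "https://app.example/dashboard",
        "https://evil.example/",
        "//evil.example/",
        "ftp://app.example/file",
        "javascript:alert(1)",
        "",
    ]
    for candidate in candidates:
        print(f"{candidate!r:34} pre-fix={is_safe_redirect_pre_fix(candidate, host)!s:5} "
              f"fixed={is_safe_redirect(candidate, host)}")
```

The table printed by the stand-alone run shows the two checks agreeing on every case except the scheme-only URL, which is exactly the gap the CVE describes; a login view that feeds an unvalidated `next` parameter into a redirect should route it through a check of the hardened shape.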

CVE-2014-0472: The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6,
1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python
modules by leveraging a view that constructs URLs using user input and a "dotted Python path." This has been
classified by the vendor as having a CVSSv2 score of 5.1 (AV:N/AC:H/AU:N/C:P/I:P/A:P)

CVE-2014-0473: The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and
1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to
bypass CSRF protections by reading the CSRF cookie for anonymous users. This has been classified by the vendor
as having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)

CVE-2014-0474: The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in
Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly
perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to
"MySQL typecasting." This has been classified by the vendor as having a CVSSv2 score of 10.0
(AV:N/AC:L/AU:N/C:C/I:C/A:C)

This bug was opened to address the potential impact on this product.

Conditions:
Running a version of the product prior to this bug fix.