Imagine that you work in a newsroom and are extremely busy. Now imagine that, on top of that, you also need to do web development tasks and write a database-driven web application. The problem you face is that you don't really have enough time to perform all the tasks you need to do. If you had that kind of job waiting and had also saved enough money to take that wonderful vacation overseas, what would you do? I can tell you that I would use Django to pull this one off; that way everything would probably run smoothly. However, I would unfortunately have to watch out for the latest vulnerability that has affected Django.

Let me give you some more information about Django. Django was developed only four years ago by a very busy, fast-paced online news operation. It is designed to let its users build high-functioning web applications without days of work. It has some wonderful features, a tutorial guide and a community that can help answer your questions, should you have any. You can use Django with the majority of operating systems, including Windows XP, which contains these files: acgenral.dll, ACPI.sys and cipher.exe.

Now, let's find out more about the vulnerability. It was recently discovered that Django is prone to an information disclosure vulnerability, caused by an error in how user-supplied input is handled. The harsh ramifications of this issue are that malicious online attackers can take full advantage of the situation and get their hands on very private information, which they could then use to plan further attacks.
Table 1. The affected Django versions

Django ships with a WSGI-based development web server, used for learning Django and for testing new applications. For convenience, this web server also automatically maps some URLs to the static media files used by Django. The problem is that if a malicious online attacker crafts a manipulated URL, the development server can be made to serve any file it has read access to, including a file the attacker has prepared. The affected versions are the Django development trunk, Django 1.0 and Django 0.96. All Django users should be aware that other versions may also be affected.

The good news is that the vendor has released patches and made them available to the public for download. You can download the new patches directly from the Django homepage. The updates, which are immediately available, are versions 0.96.4 and 1.0.3. Django has strongly encouraged all users to apply the relevant upgrades as soon as possible. Django has also promised its users that the final release of Django 1.1 will be out shortly and will include the patch from the development trunk.

I would like to bid you farewell and leave you with a quote in conclusion: "The hacker mindset doesn't actually see what happens on the other side, to the victim." (Kevin Mitnick)
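The bug class described above is a static file handler that joins the request path onto a document root without checking that the result still lies inside that root. The following is an added example, not Django's code and not the vendor patch mentioned above: it shows the unsafe join beside a hardened resolver that decodes the URL once, normalises it, and rejects anything that resolves outside the root. The document root, request paths and function names are assumptions made for illustration.

```python
import os
import posixpath
from urllib.parse import unquote

# Hypothetical document root for static media (constructed for this example).
STATIC_ROOT = "/srv/app/static"


def resolve_static_path_unsafe(root, url_path):
    """The vulnerable pattern: the URL path is appended to the root as-is.

    normpath() tidies the string but happily folds '..' segments, so a
    request path containing them walks out of the document root.
    """
    return os.path.normpath(os.path.join(root, unquote(url_path).lstrip("/")))


def resolve_static_path(root, url_path):
    """Hardened resolver: returns an absolute path inside root, or None.

    1. Percent-decode exactly once (double-decoding is a classic bypass).
    2. Normalise as a URL path with forward slashes only.
    3. Refuse paths that are empty, absolute, drive-prefixed or still begin
       with '..' after normalisation.
    4. Resolve symlinks and confirm the final path is contained in root.
    """
    root = os.path.realpath(root)
    cleaned = posixpath.normpath(unquote(url_path).lstrip("/"))

    if cleaned in ("", ".") or cleaned == ".." or cleaned.startswith("../"):
        return None
    if os.path.isabs(cleaned) or os.path.splitdrive(cleaned)[0]:
        return None

    candidate = os.path.realpath(os.path.join(root, *cleaned.split("/")))

    # Containment check on the *resolved* path, so symlinks cannot escape either.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Constructed request paths: one legitimate, two traversal attempts."""
    requests = [
        "/css/site.css",
        "/../../secret.txt",
        "/css/%2e%2e/%2e%2e/%2e%2e/secret.txt",  # percent-encoded '..'
    ]
    results = {}
    for req in requests:
        results[req] = (
            resolve_static_path_unsafe(STATIC_ROOT, req),
            resolve_static_path(STATIC_ROOT, req),
        )
    return results


if __name__ == "__main__":
    for req, (unsafe, safe) in demo().items():
        print(f"{req!r}\n  unsafe -> {unsafe}\n  safe   -> {safe}")
```

The unsafe variant returns a path for every request, including `/srv/secret.txt` for the traversal attempt; the hardened variant returns a path only for the legitimate request and `None` otherwise. The check that matters is the last one: comparing `commonpath` of the resolved candidate against the resolved root, which catches both `..` sequences and symlinks pointing outside the static tree.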