CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, the default 404 handler django.views.defaults.page_not_found() echoes the percent-decoded request path in the error page it renders: when no 404.html template exists, the built-in fallback template reads "The requested URL {{ request_path }} was not found on this server." The value is HTML-escaped, so this is not cross-site scripting; the problem (CWE-74, Improper Neutralization of Special Elements in Output Used by a Downstream Component) is that an attacker can craft a URL whose path spells out readable text, such as a fake support notice, and that text is then displayed to the victim as part of a genuine page on the site. This leads to content spoofing if the user does not recognize that the displayed text originates from the URL they were sent. Upstream fixed the issue by no longer displaying the path in the default 404 template and by URL-quoting the request_path context variable that is passed to custom 404 templates.

The MITRE CVE dictionary describes this issue as:

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.

Find out more about CVE-2019-3498 from the MITRE CVE dictionary and NIST NVD.
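To make the mechanism concrete, the following added example (not Django's or Red Hat's code) models the relevant behaviour of django.views.defaults.page_not_found() in plain Python, so it runs without Django installed. The two template strings reproduce Django's fallback 404 template before and after the upstream fix; Django's template autoescaping is modelled with html.escape(), and the WSGI percent-decoding of the path with urllib.parse.unquote(). The crafted URL and the spoofed notice are constructed sample data.

```python
"""Model of CVE-2019-3498: content spoofing through Django's default 404 page.

Added illustration, not Django's code. It mimics the relevant behaviour of
django.views.defaults.page_not_found() before and after the upstream fix
(1.11.18 / 2.0.10 / 2.1.5) in plain Python, so it runs without Django installed.
"""
import html
from urllib.parse import quote, unquote

# Constructed sample: a link an attacker might send to a victim. The path spells
# out a fake notice; a WSGI server percent-decodes PATH_INFO, so Django sees it
# as readable text in request.path.
CRAFTED_REQUEST_TARGET = "/Your%20session%20has%20expired.%20Call%20555-0100%20to%20reactivate"
SPOOFED_NOTICE = "Your session has expired. Call 555-0100 to reactivate"


def request_path_from_target(request_target: str) -> str:
    """Model of request.path: the percent-decoded path the WSGI layer hands to Django."""
    return unquote(request_target)


def render_default_404_before_fix(request_path: str) -> str:
    """Fallback template used when no 404.html exists, in versions before the fix.

    Django autoescapes {{ request_path }}, modelled here with html.escape(), so
    tags cannot be injected; the problem is that the decoded path is shown as
    ordinary page text, which is exactly what a spoofed notice needs.
    """
    return (
        "<h1>Not Found</h1>"
        f"<p>The requested URL {html.escape(request_path)} was not found on this server.</p>"
    )


def render_default_404_after_fix(request_path: str) -> str:
    """Fallback template after the fix: the request path is no longer displayed."""
    return "<h1>Not Found</h1><p>The requested resource was not found on this server.</p>"


def request_path_context_after_fix(request_path: str) -> str:
    """Value of the request_path context variable given to custom 404 templates after the fix.

    quote() re-encodes the spaces and punctuation that the WSGI layer decoded, so a
    crafted path renders as %20-separated tokens rather than readable prose.
    """
    return quote(request_path)


def spoof_visible(page_html: str, notice: str) -> bool:
    """True if the attacker's notice appears verbatim as text in the rendered page."""
    return notice in page_html


def compare(request_target: str = CRAFTED_REQUEST_TARGET, notice: str = SPOOFED_NOTICE) -> dict:
    """Render the crafted request both ways and report whether the notice is readable."""
    path = request_path_from_target(request_target)
    before = render_default_404_before_fix(path)
    after_default = render_default_404_after_fix(path)
    # A custom 404.html that still prints {{ request_path }} now receives the quoted value.
    after_custom = (
        f"<p>The requested URL {html.escape(request_path_context_after_fix(path))} was not found.</p>"
    )
    return {
        "decoded_path": path,
        "spoof_visible_before_fix": spoof_visible(before, notice),
        "spoof_visible_after_fix_default_template": spoof_visible(after_default, notice),
        "spoof_visible_after_fix_custom_template": spoof_visible(after_custom, notice),
        "quoted_request_path": request_path_context_after_fix(path),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The point the comparison makes is that escaping alone was never the gap: the pre-fix page is free of injected markup, yet the victim still reads an official-looking notice on the site's own domain. Removing the echoed value from the default page, and re-quoting it for templates that insist on showing it, is what closes the spoofing channel.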

Statement

This issue affects the versions of python-django shipped with Red Hat Update Infrastructure 3. Although the Red Hat Update Appliance ships python-django, the Django application on it is not reachable by default because of the firewall rules, so the flaw cannot be exploited there. It can, however, be triggered on the Content Delivery Systems.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score: 4.3 (Medium)
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Affected Packages State

Platform                                                                      Package        State
Red Hat Subscription Asset Manager 1                                          Django         Will not fix
Red Hat Satellite 6                                                           python-django  Under investigation
Red Hat OpenStack Platform Operational Tools 9                                python-django  Under investigation
Red Hat OpenStack Platform 9.0                                                python-django  Under investigation
Red Hat OpenStack Platform 8.0 (Liberty)                                      python-django  Under investigation
Red Hat OpenStack Platform 14                                                 python-django  Under investigation
Red Hat OpenStack Platform 13.0 (Queens)                                      python-django  Under investigation
Red Hat OpenStack Platform 10                                                 python-django  Under investigation
Red Hat Gluster Storage 3                                                     python-django  Affected
Red Hat Enterprise Linux OpenStack Platform 8.0 Operational Tools for RHEL 7  python-django  Under investigation
Red Hat Ceph Storage 3                                                        python-django  Affected
Red Hat Ceph Storage 2                                                        python-django  Affected

External References