CVE-2011-0698
Published 2011-02-14
CVE-2011-0698: Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a /…
Priority P434 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 2.86% (85.0th percentile)
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | >= 1.1 < 1.1.4 | 1.1.4 |
| djangoproject | django | >= 1.2 < 1.2.5 | 1.2.5 |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_debian · 7.5 · LOW
Debian
CVE-2011-0698: python-django - Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before ...
vendor_debian·2011·CVSS 7.5
CVE-2011-0698 [HIGH] CVE-2011-0698: python-django - Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before ...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
Directory traversal in Django
ghsa·2018-07-23
CVE-2011-0698 [CRITICAL] CWE-22 Directory traversal in Django
OSV
Directory traversal in Django
osv·2018-07-23
CVE-2011-0698 [CRITICAL] Directory traversal in Django
OSV
CVE-2011-0698: Directory traversal vulnerability in Django 1
osv·2011-02-14
CVE-2011-0698 CVE-2011-0698: Directory traversal vulnerability in Django 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://openwall.com/lists/oss-security/2011/02/09/6
http://secunia.com/advisories/43230
http://www.djangoproject.com/weblog/2011/feb/08/security/
http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
http://www.securityfocus.com/bid/46296
http://www.vupen.com/english/advisories/2011/0372
http://www.vupen.com/english/advisories/2011/0439
Published: 2011-02-14