CVE-2011-4136

Advisory

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4136
• https://bugzilla.redhat.com/show_bug.cgi?id=737366
• http://openwall.com/lists/oss-security/2011/09/13/2
• https://www.djangoproject.com/weblog/2011/sep/09/
• https://www.djangoproject.com/weblog/2011/sep/10/127/
• http://openwall.com/lists/oss-security/2011/09/11/1
• http://secunia.com/advisories/46614
• http://www.debian.org/security/2011/dsa-2332
• https://hermes.opensuse.org/messages/14700881