Oval Definition:oval:org.opensuse.security:def:20167401
Revision Date:2022-06-30Version:1
Title:CVE-2016-7401
Description:

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2016-7401
SUSE-SU-2018:0973-1
SUSE-SU-2018:1102-1
openSUSE-SU-2018:0824-1
openSUSE-SU-2018:0826-1
Mitre CVE-2016-7401
SUSE CVE-2016-7401
SUSE-SU-2018:0973-1
SUSE-SU-2018:1102-1
openSUSE-SU-2018:0824-1
openSUSE-SU-2018:0826-1
Platform(s):openSUSE Leap 42.3
openSUSE Tumbleweed
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-Django-1.8.19-3.4.1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND python-Django-1.8.19-3.6 is installed
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • python-Django-1.8.19-6.4 is installed
  • AND python-Django is signed with openSUSE key
  • OR
  • python3-Django-1.8.19-5.3 is installed
  • AND python3-Django is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • python36-Django-3.2.7-2.3 is installed
  • OR python38-Django-3.2.7-2.3 is installed
  • OR python39-Django-3.2.7-2.3 is installed
  • OR ruby2.7-rubygem-http-cookie-1.0.4-1.2 is installed
  • OR ruby3.0-rubygem-http-cookie-1.0.4-1.2 is installed
    • BACK