Security Bulletin
Summary
SmartCloud Provisioning - Django vulnerabilities reported in May 2014 X-Force Report (CVE-2014-1418, CVE-2014-3730).
Vulnerability Details
SmartCloud Provisioning 2.3 is shipped with Open Source Django. Securities vulnerabilities have been discovered in Django, which affect SmartCloud Provisioning. Django has released patch updates, which contain vulnerability fixes and SmartCloud Provisioning Django has been updated to include those fixes.
CVE-ID: CVE-2014-1418
Description: Django Vary and Cache-Control headers information disclosure. Django could allow a remote attacker to obtain sensitive information, which are caused by the failure to properly remove Vary and Cache-Control headers from HTTP responses. An attacker might exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93179 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVE-ID: CVE-2014-3730
Description: Django malformed URL security bypass. Django might allow a remote attacker to bypass security restrictions, which are caused by the improper validation of malformed URLs. An attacker could exploit this vulnerability to gain unauthorized access to the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93158 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Affected Products and Versions
SmartCloud Provisioning 2.3 Fix Pack 1, 2.3 Fix Pack 1 from IFix1 to IFix3
Remediation/Fixes
The recommended solution is to apply the appropriate fix from Fix Central as soon as practical.
Fix:
Upgrade to IBM SmartCloud Provisioning 2.3 Fix Pack 1, iFix 4
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
September 12, 2014, first version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21683587