Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-E75BAEEE6B72B0D738E42C639EA075BFHistorySep 23, 2013 - 12:00 a.m.
DOS via large passwords
2013-09-2300:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
10
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.3%
The authentication framework (django.contrib.auth) computes the hash of a password each time a user attempts to log in, no matter the length of the password. Thus, a remote attacker can cause a denial of service (CPU consumption) by repeatedly submitting long passwords.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pypi/django | ge | 1.4 | |
| pypi/django | lt | 1.4.8 | |
| pypi/django | ge | 1.5 | |
| pypi/django | lt | 1.5.4 |
Related
nessus
nessus
Debian DSA-2758-1 : python-django - denial of service
2013-09-18 00:00:00
openSUSE Security Update : python-django (openSUSE-SU-2013:1685-1)
2014-06-13 00:00:00
openSUSE Security Update : python-django (openSUSE-SU-2013:1492-1)
2014-06-13 00:00:00
threatpost
threatpost
Patches for Django Framework Fix DoS Vuln
2013-09-17 13:40:25
freebsd
freebsd
django -- denial-of-service via large passwords
2013-09-15 00:00:00
osv
osv
Django Denial of Service Vulnerability in the authentication framework
2022-05-17 04:53:45
PYSEC-2013-18
2013-09-23 20:55:00
python-django - denial of service
2013-09-17 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: python-django-1.5.4-1.fc20
2013-09-26 06:18:28
[SECURITY] Fedora 20 Update: python-django14-1.4.8-1.fc20
2013-09-24 23:00:28
[SECURITY] Fedora 19 Update: python-django14-1.4.8-1.fc19
2013-09-24 23:05:13
debian
debian
[SECURITY] [DSA 2758-1] python-django security update
2013-09-17 18:43:26
[SECURITY] [DSA 2758-1] python-django security update
2013-09-17 18:43:26
ubuntucve
ubuntucve
CVE-2013-1443
2013-09-20 00:00:00
prion
prion
Authentication flaw
2013-09-23 20:55:00
openvas
openvas
Debian Security Advisory DSA 2758-1 (python-django - denial of service)
2013-09-17 00:00:00
Debian: Security Advisory (DSA-2758-1)
2013-09-16 00:00:00
Ubuntu Update for python-django USN-1967-1
2013-10-03 00:00:00
debiancve
debiancve
CVE-2013-1443
2013-09-23 20:55:00
seebug
seebug
Djangoε―η εεΈζη»ζε‘ζΌζ΄(CVE-2013-1443)
2013-09-18 00:00:00
cve
cve
CVE-2013-1443
2013-09-23 20:55:00
github
github
Django Denial of Service Vulnerability in the authentication framework
2022-05-17 04:53:45
securityvulns
securityvulns
[USN-1967-1] Django vulnerabilities
2013-10-02 00:00:00
mageia
mageia
Updated python-django package fixes multiple vulnerabilities
2013-09-19 13:45:04
ubuntu
ubuntu
Django vulnerabilities
2013-09-24 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.3%
Related for GITLAB-E75BAEEE6B72B0D738E42C639EA075BF