53 matches found

Cvelist
added 2011/10/19 10:0 a.m., 24 views

CVE-2011-4138

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

AI score: 6.4, EPSS: 0.00635
Exploits: 0, References: 8
CVE
added 2011/10/19 10:0 a.m., 109 views

CVE-2011-4137

In Django, CVE-2011-4137 affects the URLField verify_exists check: before 1.2.7 and 1.3.x before 1.3.1, it uses libraries that access arbitrary URLs with no timeout, enabling DoS via slow, data-less, or large-response URLs. Root cause: lack of timeout handling in URL checks. Impact: remote denial...

CVSS: 5, AI score: 7.5, EPSS: 0.0188
Exploits: 0, References: 9, Affected Software: 1
CVE
added 2011/10/19 10:0 a.m., 96 views

CVE-2011-4138

Affected software: Django prior to 1.2.7 and 1.3.x prior to 1.3.1. The verify_exists URLField validation tests a URL with HEAD, but on redirects uses GET to the redirected target, potentially causing unwanted GET requests with an unintended source IP via a crafted Location header. Impact: potenti...

CVSS: 5, AI score: 6.5, EPSS: 0.00635
Exploits: 0, References: 8, Affected Software: 1
Debian CVE
added 2011/10/19 10:0 a.m., 25 views

CVE-2011-4138

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

CVSS: 5, AI score: 6.4, EPSS: 0.00635
Exploits: 0
Cvelist
added 2011/10/19 10:0 a.m., 27 views

CVE-2011-4137

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...

AI score: 8.1, EPSS: 0.0188
Exploits: 0, References: 9
UbuntuCve
added 2011/10/19 12:0 a.m., 39 views

CVE-2011-4138

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

CVSS: 5, AI score: 5.9, EPSS: 0.00635
Exploits: 0, References: 3
UbuntuCve
added 2011/10/19 12:0 a.m., 24 views

CVE-2011-4137

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...

CVSS: 5, AI score: 6, EPSS: 0.0188
Exploits: 0, References: 2
myhack58
added 2011/09/21 12:0 a.m., 31 views

Multiple security vulnerabilities in the Django development framework - vulnerability warning - the black bar safety net

Affected versions: Django 1.2.5, Django 1.3 beta 1, Django 1.2.4, Django 1.2.2, Django 1.2. Vulnerability description: Django is an open source Web application framework written in Python. Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information,...

AI score: 0.1
Exploits: 0
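seebug.org
added 2011/09/13 12:0 a.m., 25 views

Multiple security vulnerabilities in the Django development framework

Bugtraq ID: 49573. Django is an open source Web application framework written in Python. Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache poisoning attacks, or carry out denial-of-service attacks. 1) When a cache backend is used, there is an error in session handling in django.contrib.sessions that can be exploited to manipulate session information. Successful exploitation requires a known session KEY and an application that allows the attacker to store dictionary-like objects in the cache using a valid session KEY. 2) The Django model system includes a field type, URLField...

AI score: 6.9
Exploits: 0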
OpenVAS
added 2009/10/29 12:0 a.m., 25 views

Django Forms Library Algorithmic Complexity Vulnerability

Django is prone to Algorithmic Complexity vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:djangoproject:django";...

CVSS: 5, AI score: 6.3, EPSS: 0.06201
Exploits: 0, References: 4
Prion
added 2009/10/13 10:30 a.m., 11 views

Design/Logic Flaw

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...

CVSS: 5, AI score: 6.6, EPSS: 0.06201
Exploits: 0, References: 10, Affected Software: 1
OSV
added 2009/10/13 10:30 a.m., 2 views

CVE-2009-3695

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...

AI score: 6.3
Exploits: 0, References: 12
Debian CVE
added 2009/10/13 10:0 a.m., 26 views

CVE-2009-3695

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...

CVSS: 5, AI score: 6.1, EPSS: 0.06201
Exploits: 0