ubuntucve · Ubuntu.com · UB:CVE-2011-4137
History: Oct 19, 2011 - 12:00 a.m.

CVE-2011-4137


CVSS2: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

EPSS: 0.136 (Percentile: 95.6%)

The verify_exists functionality in the URLField implementation in Django
before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt
access to an arbitrary URL with no timeout, which allows remote attackers
to cause a denial of service (resource consumption) via a URL associated
with (1) a slow response, (2) a completed TCP connection with no
application data sent, or (3) a large amount of application data, a related
issue to CVE-2011-1521.
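
The three conditions above, handled by a bounded existence check. This is an added example, not Django's code or its fix. The names `url_exists`, `start_server`, `timed_check` and `silent_peer` are hypothetical, the check covers plain `http://` only, and the server is a constructed loopback peer.

```python
import socket, threading, time
from urllib.parse import urlsplit

def url_exists(url, deadline=3.0, max_bytes=4096):
    """True if an http:// URL answers HEAD with 2xx/3xx within one overall deadline."""
    end = time.monotonic() + deadline
    try:
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or set(url) & set("\r\n\t "):
            return False
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        req = "HEAD %s HTTP/1.0\r\nHost: %s\r\n\r\n" % (target, parts.netloc)
        with socket.create_connection((parts.hostname, parts.port or 80), timeout=deadline) as s:
            s.sendall(req.encode("ascii"))
            buf = b""
            while b"\r\n" not in buf:
                remaining = end - time.monotonic()
                if remaining <= 0 or len(buf) >= max_bytes:
                    return False          # cases (1) and (3): too slow or too much data
                s.settimeout(remaining)   # shrinking timeout bounds the total wait
                chunk = s.recv(512)       # case (2): a silent peer raises socket.timeout
                if not chunk:
                    return False
                buf += chunk
    except (OSError, ValueError):         # timeouts, refused connections, malformed URLs
        return False
    fields = buf.split(b"\r\n", 1)[0].split()
    return len(fields) >= 2 and fields[0].startswith(b"HTTP/") and fields[1][:1] in (b"2", b"3")

def start_server(handler):
    """Constructed loopback server for the demo: runs handler(conn) per connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def loop():
        while True:
            conn = srv.accept()[0]
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return "http://127.0.0.1:%d/" % srv.getsockname()[1]

def timed_check(handler, deadline=1.0):
    """Return (result, seconds) for url_exists against a server running handler."""
    t0 = time.monotonic()
    return url_exists(start_server(handler), deadline=deadline), time.monotonic() - t0

def silent_peer(conn):
    """Constructed case (2): complete the TCP handshake, then send nothing."""
    time.sleep(30)
```

`timed_check(silent_peer)` returns `False` after about one second instead of blocking the worker. A per-read socket timeout alone would not stop a peer that drips one byte at a time, which is why the deadline is recomputed before every `recv`; name resolution inside `socket.create_connection` is not covered by it.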

OS      Version  Architecture  Package        Version                     Filename
ubuntu  10.04    noarch        python-django  < 1.1.1-2ubuntu1.4          UNKNOWN
ubuntu  10.10    noarch        python-django  < 1.2.3-1ubuntu0.2.10.10.3  UNKNOWN
ubuntu  11.04    noarch        python-django  < 1.2.5-1ubuntu1.1          UNKNOWN
ubuntu  11.10    noarch        python-django  < 1.3-2ubuntu1.1            UNKNOWN
