Django i18n Remote Denial Of Service Vulnerability
BID:26227
| Bugtraq ID: | 26227 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5712 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 29 2007 12:00AM |
| Updated: | Apr 13 2015 09:32PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | Redhat Fedora 7; PyLucid PyLucid 0.8 beta1; Djangoproject Django 0.95.1; Djangoproject Django 0.96; Djangoproject Django 0.95; Djangoproject Django 0.91; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0 |
| Not Vulnerable: | PyLucid PyLucid 0.8 RC1; Djangoproject Django 0.96.1; Djangoproject Django 0.95.2; Djangoproject Django 0.91.1 |
Discussion
Django is prone to a remote denial-of-service vulnerability because it fails to adequately handle user-supplied input.
Attackers can exploit this issue to exhaust large amounts of memory, resulting in denial-of-service conditions.
Django 0.91, 0.95, 0.95.1, and 0.96 are vulnerable; other versions may also be affected.
NOTE: The application is affected by this issue only if both the 'USE_I18N' option and the 'i18n' middleware component are enabled.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released new versions and patches to address this issue. Please see the references for more information.
Debian Linux 4.0 amd64
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Debian Linux 4.0 ia-32
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Debian Linux 4.0 arm
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Djangoproject Django 0.95
- Django Django-0.96.1.tar.gz
  http://www.djangoproject.com/download/0.96.1/tarball/
- Django i18n-0.95.diff
  http://media.djangoproject.com/patches/2007-10-26-security-fix/i18n-0.95.diff
Debian Linux 4.0 hppa
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Debian Linux 4.0 sparc
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Djangoproject Django 0.96
- Django Django-0.96.1.tar.gz
  http://www.djangoproject.com/download/0.96.1/tarball/
- Django i18n-0.96.diff
  http://media.djangoproject.com/patches/2007-10-26-security-fix/i18n-0.96.diff
Debian Linux 4.0 s/390
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Debian Linux 4.0 powerpc
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Debian Linux 4.0 alpha
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Djangoproject Django 0.91
- Django Django-0.96.1.tar.gz
  http://www.djangoproject.com/download/0.96.1/tarball/
- Django i18n-0.91.diff
  http://media.djangoproject.com/patches/2007-10-26-security-fix/i18n-0.91.diff
Debian Linux 4.0 m68k
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Debian Linux 4.0
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Debian Linux 4.0 mipsel
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Debian Linux 4.0 ia-64
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
Debian Linux 4.0 mips
- Debian python-django_0.95.1-1etch2_all.deb
  http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
PyLucid PyLucid 0.8 beta1
- PyLucid PyLucid_v0.8RC1.tar.bz2
  http://sourceforge.net/project/showfiles.php?group_id=146328&package_id=161206&release_id=550349
Djangoproject Django 0.95.1
- Django Django-0.96.1.tar.gz
  http://www.djangoproject.com/download/0.96.1/tarball/
References
References:
- Django Homepage (Django)
- PyLucid Homepage (PyLucid)
- PyLucid Release Notes (PyLucid)
- Security fix released (Django)