Exploit the possiblities
Showing 1 - 3 of 3 RSS Feed

CVE-2012-3443

Status Candidate

Overview

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.

Related Files

Ubuntu Security Notice USN-1560-1
Posted Sep 10, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1560-1 - It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that Django incorrectly handled validating certain images. A remote attacker could use this flaw to cause the server to consume memory, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2012-3442, CVE-2012-3443, CVE-2012-3444, CVE-2012-3442, CVE-2012-3443, CVE-2012-3444
MD5 | d761cdb7ece39a14cff9db1b71d01d9d
Mandriva Linux Security Advisory 2012-143
Posted Aug 24, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-143 - Multiple vulnerabilities has been discovered and corrected in python-django. The django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting attacks via a data: URL. The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service by uploading an image file. The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service via a large TIFF image. The updated packages have been upgraded to the 1.3.3 version which is not vulnerable to these issues.

tags | advisory, remote, web, denial of service, vulnerability, xss, python
systems | linux, mandriva
advisories | CVE-2012-3442, CVE-2012-3443, CVE-2012-3444
MD5 | c7783d5103757d6bb2828d7a41610c73
Debian Security Advisory 2529-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2012-3442, CVE-2012-3443, CVE-2012-3444
MD5 | aa54004a5bc8a82e1f64044c06bdd517
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    16 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    16 Files
  • 23
    Feb 23rd
    31 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close