Showing 1 - 4 of 4

CVE-2014-0481

Status Candidate

Overview

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.

Related Files

Gentoo Linux Security Advisory 201412-22: Posted Dec 15, 2014; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201412-22 - Multiple vulnerabilities have been found in Django, the worst of which may lead to Denial of Service. Versions less than 1.6.7 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483; SHA-256 | f7c853cbb69afa4284b4d978bb8f2dc5df475833df9c29ae53b639476cb70428; Download | Favorite | View

Ubuntu Security Notice USN-2347-1: Posted Sep 16, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2347-1 - Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Django to consume resources, resulting in a denial of service. David Greisen discovered that Django incorrectly handled certain headers in contrib.auth.middleware.RemoteUserMiddleware. A remote authenticated user could use this issue to hijack web sessions. Various other issues were also addressed.; tags | advisory, remote, web, denial of service; systems | linux, ubuntu; advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483; SHA-256 | 0fab862d5b1bf1e311cd2052effe8e9230369135c3f2d4d77dc7db7767e25cc3; Download | Favorite | View

Mandriva Linux Security Advisory 2014-179: Posted Sep 8, 2014; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2014-179 - Updated python-django packages fix security vulnerabilities. These releases address an issue with reverse() generating external URLs, a denial of service involving file uploads, a potential session hijacking issue in the remote-user middleware, and a data leak in the administrative interface.; tags | advisory, remote, denial of service, vulnerability, python, file upload; systems | linux, mandriva; advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483; SHA-256 | 6c6ad9e0a3a6bafcc98db8f311aef9fa1f50f5df6bd7c716ee23a99b64a4d279; Download | Favorite | View

Debian Security Advisory 3010-1: Posted Aug 25, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3010-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.; tags | advisory, web, vulnerability, python; systems | linux, debian; advisories | CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483; SHA-256 | a870a2e3f43337f13da823b837e2b2a580c7b425c4bcfb883aa8dcf8c3bf1b98; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2014-0481

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems