CVE-2014-0481
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:N/A:P
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.
Affected (43)
Show all products
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 13.1 | |
| Version 12.3 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.4.13 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.5.1 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.7 beta1 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.6.1 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7.0 |
Related CWEs
References (12)
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Source: security@debian.org
Source: security@debian.org
Source: security@debian.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.