1. CVE-Search
  2. CVE-2013-0306
ID CVE-2013-0306
Summary The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.3:beta1:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.3:beta1:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.4:alpha:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.4:alpha:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.4:beta:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.4:beta:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.5:alpha:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.5:alpha:*:*:*:*:*:*
  • cpe:2.3:a:djangoproject:django:1.5:beta:*:*:*:*:*:*
    cpe:2.3:a:djangoproject:django:1.5:beta:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-05-2013 - 03:34)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2013:0670
rpms
  • Django14-0:1.4.4-1.el6ost
  • Django14-doc-0:1.4.4-1.el6ost
refmap via4
confirm https://www.djangoproject.com/weblog/2013/feb/19/security/
debian DSA-2634
ubuntu USN-1757-1
Last major update 15-05-2013 - 03:34
Published 02-05-2013 - 14:55
Last modified 15-05-2013 - 03:34
Back to Top