CVE-2007-5712 - The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in oth

CVE-2007-5712

Summary

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.

References

Vulnerable Configurations

cpe:2.3:a:django_project:django:0.91:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.91:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.95.1:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.95.1:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*
cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 29-07-2017 - 01:33)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:N/A:P

refmap via4

bid	26227
confirm	http://sourceforge.net/forum/forum.php?forum_id=749199 http://www.djangoproject.com/weblog/2007/oct/26/security-fix
debian	DSA-1640
fedora	FEDORA-2007-2788 FEDORA-2007-3157
secunia	27435 27597 31961
vupen	ADV-2007-3660 ADV-2007-3661
xf	django-i18n-dos(38143)

Last major update

29-07-2017 - 01:33

Published

30-10-2007 - 19:46

Last modified

29-07-2017 - 01:33