Описание
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.2.3-1ubuntu0.2.11.04.1 |
| hardy | ignored | end of life |
| karmic | released | 1.1.1-1ubuntu1.1 |
| lucid | released | 1.1.1-2ubuntu1.2 |
| maverick | released | 1.2.3-1ubuntu0.2.10.10.1 |
| natty | released | 1.2.3-1ubuntu0.2.11.04.1 |
| oneiric | released | 1.2.3-1ubuntu0.2.11.04.1 |
| upstream | released | 1.2.4-1 |
Показывать по
5 Medium
CVSS2
Связанные уязвимости
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
The password reset functionality in django.contrib.auth in Django befo ...
5 Medium
CVSS2