PT-2013-3139 · Django · Django

Published: 2013-09-19 · Updated: 2022-05-17 · CVE-2013-1443

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Django versions 1.4.x through 1.4.7
Django versions 1.5.x through 1.5.3
Django versions 1.6.x through 1.6 beta 3

Description

The issue allows remote attackers to cause a denial of service by consuming CPU resources. An attacker submits a long password to Django's authentication framework, which then hashes it.

Recommendations

For Django versions 1.4.x through 1.4.7, update to version 1.4.8 or later.
For Django versions 1.5.x through 1.5.3, update to version 1.5.4 or later.
For Django versions 1.6.x through 1.6 beta 3, update to version 1.6 beta 4 or later.

Fix

DoS

Improper Authentication

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2013-1443
DSA-2758-1
GHSA-4C42-4RXM-X6QF
MGASA-2013-0284
PYSEC-2013-18

Affected Products

Django