PT-2007-6697 · Django · Django

Jacob · Published 2007-10-30 · Updated 2022-05-01 · CVE-2007-5712

CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Django versions 0.91, 0.95, 0.95.1, and 0.96

Description

The issue allows remote attackers to cause a denial of service, specifically memory consumption, by sending many HTTP requests with large Accept-Language headers when the internationalization framework is enabled.

Recommendations

For Django versions 0.91, 0.95, 0.95.1, and 0.96, consider disabling the internationalization framework as a temporary workaround until a patch is available. Restrict access to the i18n component to minimize the risk of exploitation. Avoid using large Accept-Language headers in HTTP requests to the affected Django versions until the issue is resolved.
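One way to enforce the "restrict access to the i18n component" recommendation without disabling internationalization is to bound the Accept-Language header before the request reaches the framework's language negotiation. The following is an added example written for this page; it is not code from the advisory or from Django. It is a plain WSGI middleware that works with any WSGI application, so it does not import Django. The cap of 256 bytes, the 400 response, the stand-in `_echo_app` and the `run_request` driver are all assumptions chosen for illustration; the exact limit should be set from the longest legitimate header a deployment expects to see.

```python
"""Bound the Accept-Language header in front of an i18n-enabled WSGI app.

Added example for this advisory, not Django's own code. Requests whose
Accept-Language header exceeds a fixed length are answered with
400 Bad Request and never reach the wrapped application, so a flood of
oversized headers cannot feed large strings into any per-header parsing
or caching that the framework performs downstream.
"""

# Assumed cap for the example. Real language tag lists are far shorter
# (e.g. "en-GB,en;q=0.8,fr;q=0.5"), so a small limit costs nothing.
ACCEPT_LANGUAGE_MAX_LEN = 256


class BoundedAcceptLanguageMiddleware:
    """Reject requests carrying an over-long Accept-Language header."""

    def __init__(self, app, max_len=ACCEPT_LANGUAGE_MAX_LEN):
        self.app = app
        self.max_len = max_len

    def __call__(self, environ, start_response):
        # WSGI exposes request headers as HTTP_* keys in the environ dict.
        header = environ.get("HTTP_ACCEPT_LANGUAGE", "")
        if len(header) > self.max_len:
            body = b"Accept-Language header too long\n"
            start_response(
                "400 Bad Request",
                [
                    ("Content-Type", "text/plain; charset=utf-8"),
                    ("Content-Length", str(len(body))),
                ],
            )
            return [body]
        # Within bounds: hand the request to the real application unchanged.
        return self.app(environ, start_response)


def _echo_app(environ, start_response):
    """Stand-in downstream application (constructed for the example).

    It simply echoes the Accept-Language header it received, which is
    enough to show whether a request made it past the middleware.
    """
    body = environ.get("HTTP_ACCEPT_LANGUAGE", "").encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [body]


def run_request(accept_language, max_len=ACCEPT_LANGUAGE_MAX_LEN):
    """Drive the middleware with a constructed WSGI environ.

    Returns (status, body) so the outcome can be checked without a server.
    """
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    environ = {
        "REQUEST_METHOD": "GET",
        "PATH_INFO": "/",
        "HTTP_ACCEPT_LANGUAGE": accept_language,
    }
    app = BoundedAcceptLanguageMiddleware(_echo_app, max_len=max_len)
    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    # A normal browser header passes through untouched.
    print(run_request("en-GB,en;q=0.8,fr;q=0.5"))
    # A constructed oversized header is refused before the app sees it.
    print(run_request("x-" + "a" * 10_000))
```

Wrap the application object (for Django, the object returned by `get_wsgi_application()`) in `BoundedAcceptLanguageMiddleware` at the WSGI entry point so the check runs before any framework code. Rejecting at this layer is deliberately coarse: it does not try to parse the header, so the check itself is constant-time in the header's structure and cannot be made expensive by a crafted value.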

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2007-5712
DSA-1640-1
GHSA-9V8H-57GV-QCH6
PYSEC-2007-1

Affected Products

Django