PT-2014-3649 · Django Software Foundation+1 · Django+1
David Wilson
·
Published
2014-08-26
·
Updated
2022-05-14
·
CVE-2014-0481
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Django versions prior to 1.4.14
Django versions 1.5.x prior to 1.5.9
Django versions 1.6.x prior to 1.6.6
Django versions 1.7 before release candidate 3
Description
The issue concerns the default configuration of the file upload handling system, which uses a sequential file name generation process when a file with a conflicting name is uploaded. This allows remote attackers to cause a denial of service by consuming CPU resources through uploading multiple files with the same name.
Recommendations
For Django versions prior to 1.4.14, update to version 1.4.14 or later.
For Django versions 1.5.x prior to 1.5.9, update to version 1.5.9 or later.
For Django versions 1.6.x prior to 1.6.6, update to version 1.6.6 or later.
For Django versions 1.7 before release candidate 3, update to release candidate 3 or later.
Fix
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Django
Ubuntu