CVE-2007-5712
published 2007-10-30
Priority: P4 · 10 · low · 2.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
EPSS: 1.80% (75.8th percentile)
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < python-django 0.96-1.1 (bookworm) | python-django 0.96-1.1 (bookworm) |
| django_project | django | — | — |
| django_project | django | — | — |
| django_project | django | — | — |
| django_project | django | — | — |
| djangoproject | django | >= 0.91.0 < 0.91.1 | 0.91.1 |
| djangoproject | django | >= 0.95 < 0.95.2 | 0.95.2 |
| djangoproject | django | >= 0.96.0 < 0.96.1 | 0.96.1 |
CVSS provenance
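| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:N/A:P |
| osv | — | 2.6 | LOW | — |
| vendor_debian | — | 2.6 | LOW | — |
| vendor_redhat | — | 2.6 | LOW | — |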
GHSA
Django vulnerable to Denial of Service via i18n middleware component
ghsa·2022-05-01
CVE-2007-5712 [HIGH] CWE-400
OSV
Django vulnerable to Denial of Service via i18n middleware component
osv·2022-05-01
CVE-2007-5712 [HIGH]
OSV
CVE-2007-5712: The internationalization (i18n) framework in Django 0
osv·2007-10-30·CVSS 2.6
CVE-2007-5712 [LOW]
Debian
CVE-2007-5712: python-django - The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96...
vendor_debian·2007·CVSS 2.6
CVE-2007-5712 [LOW]
Scope: local
bookworm: resolved (fixed in 0.96-1.1)
bullseye: resolved (fixed in 0.96-1.1)
forky: resolved (fixed in 0.96-1.1)
sid: resolved (fixed in 0.96-1.1)
trixie: resolved (fixed in 0.96-1.1)
Red Hat
Django 0.96 i18n DoS
vendor_redhat·CVSS 2.6
CVE-2007-5712 [LOW]
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-5712 Django 0.96 i18n DoS [Fdevel]
bugzilla·2007-11-01·CVSS 2.6
CVE-2007-5712 [LOW]
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Update built
Bugzilla
CVE-2007-5712 Django 0.96 i18n DoS
bugzilla·2007-10-29·CVSS 2.6
CVE-2007-5712 [LOW]
http://www.djangoproject.com/weblog/2007/oct/26/security-fix/
"A per-process cache used by Django's internationalization ("i18n") system to
store the results of translation lookups for particular values of the HTTP
Accept-Language header used the full value of that header as a key. An attacker
could take advantage of this by sending repeated requests with extremely large
strings in the Accept-Language header, potentially causing a denial of service
by filling available memory.
Due to limitations imposed by Web server software on the size of HTTP header
fields, combined with reasonable limits on the number of requests which may be
handled by a single server process over its lifetime, this vulnerability may be
difficult to exploit. Additionally, it is on
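The cache-key problem the quoted advisory describes, shown beside one way to bound it. This is an added example, not Django's code or its actual fix; `SUPPORTED`, `MAX_HEADER_LEN`, `load_translation`, both cache classes and the sample headers are assumptions constructed for illustration.

```python
import re

SUPPORTED, DEFAULT = ("en", "de", "fr"), "en"   # assumed site languages
MAX_HEADER_LEN = 256    # assumed cap on how much of the header is parsed
_TAG = re.compile(r"[a-z]{1,8}(-[a-z0-9]{1,8})*")

def pick_language(header):
    """Resolve an Accept-Language value to one supported language code."""
    ranked = []
    for piece in header[:MAX_HEADER_LEN].lower().split(","):
        tag, _, param = (s.strip() for s in piece.partition(";"))
        if not _TAG.fullmatch(tag):
            continue                      # drop malformed or oversized tags
        try:
            q = float(param[2:]) if param.startswith("q=") else 1.0
        except ValueError:
            continue                      # drop entries with a bad q-value
        ranked.append((q, tag.split("-")[0]))
    for _, base in sorted(ranked, key=lambda item: -item[0]):
        if base in SUPPORTED:
            return base
    return DEFAULT

def load_translation(lang):  # stand-in for the expensive lookup being cached
    return {"lang": lang}

class RawKeyCache:
    """Pattern the advisory describes: the full header value is the key."""
    def __init__(self):
        self.store = {}
    def get(self, header):
        if header not in self.store:
            self.store[header] = load_translation(pick_language(header))
        return self.store[header]

class ResolvedKeyCache(RawKeyCache):
    """Key on the resolved language: at most len(SUPPORTED) entries."""
    def get(self, header):
        lang = pick_language(header)
        if lang not in self.store:
            self.store[lang] = load_translation(lang)
        return self.store[lang]

def footprint(cache, headers):
    """Feed headers through a cache; return (entries, total key bytes)."""
    results = [cache.get(h) for h in headers]
    return len(cache.store), sum(len(k) for k in cache.store)

# Constructed sample: 500 distinct 4000-character header values.
SAMPLE = [("de, en;q=0.8, x-pad%04d" % i).ljust(4000, "x") for i in range(500)]
```

With the raw key, every distinct header value adds an entry that lives for the life of the process; keying on the resolved language keeps the cache size independent of request content.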
References
http://secunia.com/advisories/27435
http://secunia.com/advisories/27597
http://secunia.com/advisories/31961
http://sourceforge.net/forum/forum.php?forum_id=749199
http://www.debian.org/security/2008/dsa-1640
http://www.djangoproject.com/weblog/2007/oct/26/security-fix
http://www.securityfocus.com/bid/26227
http://www.vupen.com/english/advisories/2007/3660
http://www.vupen.com/english/advisories/2007/3661
https://exchange.xforce.ibmcloud.com/vulnerabilities/38143
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html
2007-10-30
Published