CVE-2007-5712 — Uncontrolled Resource Consumption in Django

CWE-399 CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

2.6LOWNVD

EPSS

1.8%

top 17.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django Django Project Django

Timeline

PublishedOct 30

Latest updateMay 1

Description

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶PyPIdjangoproject/django0.96.0 — 0.96.1+2

▶NVDdjango_project/django4 versions+3

Patches

Patch: secunia.com ↗Patch: www.debian.org ↗Patch: www.djangoproject.com ↗

🔴Vulnerability Details

GHSA

Django vulnerable to Denial of Service via i18n middleware component↗2022-05-01

▶

OSV

Django vulnerable to Denial of Service via i18n middleware component↗2022-05-01

▶

OSV

CVE-2007-5712: The internationalization (i18n) framework in Django 0↗2007-10-30

▶

CVEList

CVE-2007-5712: The internationalization (i18n) framework in Django 0↗2007-10-30

▶

📋Vendor Advisories

Debian

CVE-2007-5712: python-django - The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96...↗2007

▶

Red Hat

Django 0.96 i18n DoS↗

▶

💬Community

Bugzilla

CVE-2007-5712 Django 0.96 i18n DoS [Fdevel]↗2007-11-01

▶

Bugzilla

CVE-2007-5712 Django 0.96 i18n DoS↗2007-10-29

▶