CVE-2009-3695
published 2009-10-13
CVE-2009-3695: Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service…
Priority P4 · 20 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 3.69% (88.3th percentile)
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < python-django 1.1.1-1 (bookworm) | python-django 1.1.1-1 (bookworm) |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | >= 1.0 < 1.0.4 | 1.0.4 |
| djangoproject | django | >= 1.1 < 1.1.1 | 1.1.1 |
CVSS provenance
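| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |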
OSV
Django Regex Algorithmic Complexity Causes Denial of Service
osv·2022-05-02
CVE-2009-3695 [HIGH] Django Regex Algorithmic Complexity Causes Denial of Service
GHSA
Django Regex Algorithmic Complexity Causes Denial of Service
ghsa·2022-05-02
CVE-2009-3695 [HIGH] CWE-1333 Django Regex Algorithmic Complexity Causes Denial of Service
OSV
CVE-2009-3695: Algorithmic complexity vulnerability in the forms library in Django 1
osv·2009-10-13·CVSS 5.0
CVE-2009-3695 [MEDIUM] CVE-2009-3695: Algorithmic complexity vulnerability in the forms library in Django 1
Debian
CVE-2009-3695: python-django - Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1...
vendor_debian·2009·CVSS 5.0
CVE-2009-3695 [MEDIUM] CVE-2009-3695: python-django - Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1...
Scope: local
bookworm: resolved (fixed in 1.1.1-1)
bullseye: resolved (fixed in 1.1.1-1)
forky: resolved (fixed in 1.1.1-1)
sid: resolved (fixed in 1.1.1-1)
trixie: resolved (fixed in 1.1.1-1)
Red Hat
Django's forms DOS in 1.1/1.0
vendor_redhat·CVSS 5.0
CVE-2009-3695 [MEDIUM] Django's forms DOS in 1.1/1.0
No detection rules found.
No public exploits indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457
http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/
http://secunia.com/advisories/36948
http://secunia.com/advisories/36968
http://www.debian.org/security/2009/dsa-1905
http://www.djangoproject.com/weblog/2009/oct/09/security/
http://www.openwall.com/lists/oss-security/2009/10/13/6
http://www.securityfocus.com/bid/36655
http://www.vupen.com/english/advisories/2009/2871
https://exchange.xforce.ibmcloud.com/vulnerabilities/53727
Published 2009-10-13