CVE-2011-4137
Published: 2011-10-19
Priority: P4 (25)
CVSS 2.0: 5.0 (medium), vector AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 3.02% (85.8th percentile)
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.
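The three vectors in the description all come down to one missing bound: the pre-1.2.7 check fetched the attacker-supplied URL with no socket timeout and no cap on how much it would read, so a host that answers slowly, accepts the connection and says nothing, or streams data forever ties up a worker for as long as it likes. The Python below is an added example for this page, not Django's own code. It shows a bounded HEAD check (per-operation timeout, capped response head, redirects reported rather than followed, which also avoids the redirect-to-GET behaviour the Ubuntu advisory further down attributes to CVE-2011-4138) run against a constructed in-process hostile server that plays each attacker behaviour. The names verify_exists_bounded, HostileHandler, HostileServer and the /slow, /silent, /huge and /redir paths are this example's own, and plain HTTP only is assumed.

```python
"""Bounded URL reachability check, illustrating the CVE-2011-4137 fix.

Added example for this page; not Django's code. The hostile server is a
constructed stand-in for an attacker-controlled host named in a URLField.
"""
import socket
import socketserver
import threading
import time
from urllib.parse import urlsplit

TIMEOUT = 0.5          # seconds per connect/send/recv: the bound missing before 1.2.7
MAX_HEAD_BYTES = 4096  # cap on response bytes buffered before giving up


def verify_exists_unbounded(url):
    """Shape of the old behaviour (illustrative, not Django's exact code):
    a fetch with no timeout blocks for as long as the remote host likes."""
    import urllib.request
    urllib.request.urlopen(url).read()   # never run this against untrusted URLs


def verify_exists_bounded(url, timeout=TIMEOUT, max_head=MAX_HEAD_BYTES):
    """Return 'ok', 'redirect', 'timeout', 'oversized', 'closed' or 'error'.

    Every socket operation is limited by `timeout`, at most `max_head` bytes
    are buffered, and redirects are reported, never followed. Caveat: DNS
    resolution inside create_connection is not covered by the socket timeout.
    """
    parts = urlsplit(url)
    if parts.scheme != "http":            # plain HTTP only in this example
        return "error"
    host, port, path = parts.hostname, parts.port or 80, parts.path or "/"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(f"HEAD {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            head = b""
            while b"\r\n\r\n" not in head:
                chunk = sock.recv(1024)
                if not chunk:
                    return "closed"       # peer hung up before a complete head
                head += chunk
                if len(head) > max_head:
                    return "oversized"    # vector (3): unbounded response data
            status = int(head.split(b" ", 2)[1])
    except socket.timeout:
        return "timeout"                  # vectors (1) slow and (2) silent peer
    except (OSError, ValueError, IndexError):
        return "error"
    return "redirect" if 300 <= status < 400 else "ok"


class HostileHandler(socketserver.BaseRequestHandler):
    """Constructed hostile host; the request path selects the behaviour."""

    def handle(self):
        req = self.request.recv(1024).decode("latin-1")
        words = req.split(" ")
        path = words[1] if len(words) > 1 else "/"
        try:
            if path == "/silent":         # (2) TCP accepted, nothing ever sent
                time.sleep(3)
            elif path == "/slow":         # (1) response arrives far too late
                time.sleep(3)
                self.request.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")
            elif path == "/huge":         # (3) header bytes without end
                self.request.sendall(b"HTTP/1.0 200 OK\r\n")
                for _ in range(10_000):
                    self.request.sendall(b"X-Pad: " + b"A" * 1000 + b"\r\n")
            elif path == "/redir":        # redirect the checker must not follow
                self.request.sendall(
                    b"HTTP/1.0 302 Found\r\nLocation: http://127.0.0.1:9/\r\n\r\n")
            else:
                self.request.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")
        except OSError:
            pass                          # client gave up and closed; expected


class HostileServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def demo():
    """Run the bounded check against every behaviour; return {path: (outcome, seconds)}."""
    server = HostileServer(("127.0.0.1", 0), HostileHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    results = {}
    try:
        for path in ("/ok", "/slow", "/silent", "/huge", "/redir"):
            t0 = time.monotonic()
            outcome = verify_exists_bounded(f"http://127.0.0.1:{port}{path}")
            results[path] = (outcome, round(time.monotonic() - t0, 2))
    finally:
        server.shutdown()
        server.server_close()
    return results


if __name__ == "__main__":
    for path, (outcome, secs) in demo().items():
        print(f"{path:8s} -> {outcome:9s} in {secs}s")
```

Each hostile behaviour is cut off within TIMEOUT or MAX_HEAD_BYTES instead of holding the worker; the unbounded variant is left in only for comparison and is never called. In a real validator the remaining unbounded step is name resolution, which needs its own bounded resolver.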
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < 1.3.1-1 (bookworm) | 1.3.1-1 (bookworm) |
| djangoproject | django | <= 1.2.6 | — |
| djangoproject | django | >= 0, < 1.2.7 | 1.2.7 |
| djangoproject | django | >= 1.3, < 1.3.1 | 1.3.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| ghsa | — | 6.4 | MEDIUM | — |
| osv | — | 6.4 | MEDIUM | — |
| vendor_debian | — | 6.4 | MEDIUM | — |
| vendor_ubuntu | — | 5.8 | MEDIUM | — |
Ubuntu
Django vulnerabilities
vendor_ubuntu · 2011-12-09 · CVSS 5.8 · CVE-2011-4136 [MEDIUM]
Summary: Applications using Django could be made to crash or expose sensitive information.
Paul McMillan discovered that Django used the root namespace when storing
cached session data. A remote attacker could exploit this to modify
sessions. (CVE-2011-4136)
Paul McMillan discovered that Django would not timeout on arbitrary URLs
when the application used URLFields. This could be exploited by a remote
attacker to cause a denial of service via resource exhaustion.
(CVE-2011-4137)
Paul McMillan discovered that while Django would check the validity of a
URL via a HEAD request, it would instead use a GET request for the target
of a redirect. This could potentially be used to trigger arbitrary GET
requests via a crafted Location header. (CVE-2011-4138)
It was
Debian
CVE-2011-4137: python-django
vendor_debian · 2011 · CVSS 6.4 · CVE-2011-4137 [MEDIUM]
Scope: local
bookworm: resolved (fixed in 1.3.1-1)
bullseye: resolved (fixed in 1.3.1-1)
forky: resolved (fixed in 1.3.1-1)
sid: resolved (fixed in 1.3.1-1)
trixie: resolved (fixed in 1.3.1-1)
GHSA
Denial of service in django
ghsa · 2018-07-23 · CVSS 6.4 · CVE-2011-4137 [MEDIUM] · CWE-1088
OSV
Denial of service in django
osv · 2018-07-23 · CVSS 6.4 · CVE-2011-4137 [MEDIUM]
OSV
CVE-2011-4137
osv · 2011-10-19 · CVSS 6.4 · CVE-2011-4137 [MEDIUM]
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-4136, CVE-2011-4137, CVE-2011-4138, CVE-2011-4139, CVE-2011-4140 Django: v1.3.1, v1.2.7 multiple security flaws [epel-6]
bugzilla · 2011-09-30 · CVSS 5.8 · CVE-2011-4136 [MEDIUM]
epel-6 tracking bug for Django: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Missed the 1.2.7 errata announcement, my apologies.
---
Django-1.2.7-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/Django-1.2.7-1.el6
---
Package Django-1.2.7-1.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=ep
Bugzilla
CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139 CVE-2011-4140 Django: v1.3.1, v1.2.7 multiple security flaws
bugzilla · 2011-09-11 · CVSS 5.8 · CVE-2011-4136 [MEDIUM]
Multiple security flaws have been recently addressed in the v1.3.1 and v1.2.7 versions of the Django Python Web framework (from [1]):
1, Session manipulation,
2, Denial of service attack via URLField,
3, URLField redirection,
4, Host header cache poisoning,
5, Host header and CSRF,
6, Cross-subdomain CSRF attacks,
7, DEBUG pages and sensitive POST data
References:
[1] https://www.djangoproject.com/weblog/2011/sep/09/
Discussion:
Created attachment 522611
Local text copy of Django upstream archive post from 2011-09-09
---
CVE(s) Request:
[2] http://www.openwall.com/lists/oss-security/2011/09/11/1
---
These issues are scheduled to be addressed in the following releases
References
http://openwall.com/lists/oss-security/2011/09/11/1
http://openwall.com/lists/oss-security/2011/09/13/2
http://openwall.com/lists/oss-security/2011/09/15/5
http://secunia.com/advisories/46614
http://www.debian.org/security/2011/dsa-2332
https://bugzilla.redhat.com/show_bug.cgi?id=737366
https://hermes.opensuse.org/messages/14700881
https://www.djangoproject.com/weblog/2011/sep/09/
https://www.djangoproject.com/weblog/2011/sep/10/127/