CVE-2014-0481 — Uncontrolled Resource Consumption in Django
Severity
NVD: 4.3 MEDIUM
OSV: 5.8
EPSS
1.1%
top 21.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 26
Latest update: May 14
Description
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by uploading multiple files with the same name.
CVSS vector
AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 4 packages
Also affects: Debian Linux 7.0
Patches
Bugzilla
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django: various flaws [fedora-all] (2014-08-22)
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django15: various flaws [epel-6] (2014-08-22)
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django15: various flaws [fedora-20] (2014-08-22)
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django15: various flaws [epel-7] (2014-08-22)