cbcvebase.
CVE-2014-0481
published 2014-08-26

CVE-2014-0481: The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate…

PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
2.45%
82.4th percentile
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.

Affected

36 ranges· showing 25
VendorProductVersion rangeFixed in
debiandebian_linux
debianpython-django< python-django 1.6.6-1 (bookworm)python-django 1.6.6-1 (bookworm)
djangoprojectdjango<= 1.4.13
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango
djangoprojectdjango

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv5.8MEDIUM
vendor_ubuntu5.8MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.