CVE-2015-0221 — Allocation of Resources Without Limits or Throttling in Django
Severity
5.0 MEDIUM (NVD)
EPSS
9.2%
top 7.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 16
Latest update: May 17
Description
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Affected Packages: 2 packages
Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10
Patches
Vulnerability Details (5)
Vendor Advisories (4)
Community (5)
Bugzilla: CVE-2015-0221 Django14: Django: denial of service attack against django.views.static.serve [epel-6] (2015-01-14)
Bugzilla: CVE-2015-0221 python-django14: Django: denial of service attack against django.views.static.serve [fedora-20] (2015-01-14)
Bugzilla: CVE-2015-0221 python-django: Django: denial of service attack against django.views.static.serve [fedora-all] (2015-01-14)
Bugzilla: CVE-2015-0221 python-django: Django: denial of service attack against django.views.static.serve [epel-7] (2015-01-14)