CVE-2010-4535

The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*

Information

Published : 2011-01-10 12:00

Updated : 2011-01-19 22:46


NVD link : CVE-2010-4535

Mitre link : CVE-2010-4535


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

djangoproject

  • django