CVE-2014-0481
26.08.2014, 14:55
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.Enginsight
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.1 |
| opensuse_project | opensuse | 12.3 |
| djangoproject | django | 𝑥 ≤ 1.4.13 |
| djangoproject | django | 1.4 |
| djangoproject | django | 1.4.1 |
| djangoproject | django | 1.4.2 |
| djangoproject | django | 1.4.4 |
| djangoproject | django | 1.4.5 |
| djangoproject | django | 1.4.6 |
| djangoproject | django | 1.4.7 |
| djangoproject | django | 1.4.8 |
| djangoproject | django | 1.4.9 |
| djangoproject | django | 1.4.10 |
| djangoproject | django | 1.4.11 |
| djangoproject | django | 1.4.12 |
| djangoproject | django | 1.5 |
| djangoproject | django | 1.5:alpha |
| djangoproject | django | 1.5:beta |
| djangoproject | django | 1.5.1 |
| djangoproject | django | 1.5.2 |
| djangoproject | django | 1.5.3 |
| djangoproject | django | 1.5.4 |
| djangoproject | django | 1.5.5 |
| djangoproject | django | 1.5.6 |
| djangoproject | django | 1.5.7 |
| djangoproject | django | 1.5.8 |
| djangoproject | django | 1.7:beta1 |
| djangoproject | django | 1.7:beta2 |
| djangoproject | django | 1.7:beta3 |
| djangoproject | django | 1.7:beta4 |
| djangoproject | django | 1.7:rc1 |
| djangoproject | django | 1.7:rc2 |
| djangoproject | django | 1.6 |
| djangoproject | django | 1.6:beta1 |
| djangoproject | django | 1.6:beta2 |
| djangoproject | django | 1.6:beta3 |
| djangoproject | django | 1.6:beta4 |
| djangoproject | django | 1.6.1 |
| djangoproject | django | 1.6.2 |
| djangoproject | django | 1.6.3 |
| djangoproject | django | 1.6.4 |
| djangoproject | django | 1.6.5 |
| debian | debian_linux | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References