{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-17T19:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/09/15/5"}, {"name": "openSUSE-SU-2012:0653", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://hermes.opensuse.org/messages/14700881"}, {"name": "DSA-2332", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2332"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"}, {"name": "46614", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46614"}, {"name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/09/11/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"}, {"name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/09/13/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.djangoproject.com/weblog/2011/sep/09/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4137", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/09/15/5"}, {"name": "openSUSE-SU-2012:0653", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/14700881"}, {"name": "DSA-2332", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2332"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=737366", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"}, {"name": "46614", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46614"}, {"name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/09/11/1"}, {"name": "https://www.djangoproject.com/weblog/2011/sep/10/127/", "refsource": "CONFIRM", "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"}, {"name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/09/13/2"}, {"name": "https://www.djangoproject.com/weblog/2011/sep/09/", "refsource": "CONFIRM", "url": "https://www.djangoproject.com/weblog/2011/sep/09/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:01:50.805Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/09/15/5"}, {"name": "openSUSE-SU-2012:0653", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://hermes.opensuse.org/messages/14700881"}, {"name": "DSA-2332", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2332"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"}, {"name": "46614", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46614"}, {"name": "[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/09/11/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"}, {"name": "[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/09/13/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.djangoproject.com/weblog/2011/sep/09/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4137", "datePublished": "2011-10-19T10:00:00.000Z", "dateReserved": "2011-10-19T00:00:00.000Z", "dateUpdated": "2024-08-07T00:01:50.805Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "matchCriteriaId": "96EC0AAD-1199-4CDB-B599-A7959A160CB6", "versionEndIncluding": "1.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "C40AD94B-AC89-4404-973F-5E60468D06EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "529CD787-1C98-4F20-8A3D-90BF2B0BD790", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:0.95.1:*:*:*:*:*:*:*", "matchCriteriaId": "65A952FB-3A74-4A39-8870-1F37059C9D12", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "7E79CFED-F8BF-48E7-897D-D1FB508DC9E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9023348-07A7-46E8-B45A-CC19563C5961", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "883C9BEA-8B02-42F7-90BB-F31CBCBF8B1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "59302184-7805-4D50-B25C-73E59DAA1E66", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "56846659-96C8-497C-8404-3975E5B6385B", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DAB4639-B81D-412A-A081-EFF46737CA5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF068CD9-B33A-4C51-9FBA-CFDAE91E174E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "26D338D9-1504-4933-B833-BD7F1864E89D", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD257D91-EF31-4103-9007-944603ABA271", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "99387F31-9E04-4A73-A1C6-C05F96A8DB38", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.1:2:*:*:*:*:*:*", "matchCriteriaId": "F75FE4BB-2C64-404F-9347-25289556BE56", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "064C9403-8A43-42C7-A1FD-03CC49A32FB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "5BCDB95B-88F2-466A-A4F9-4C080183E39B", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "17B99C62-A653-45C1-A061-05A8FAD52107", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "DFA5071B-808F-490E-B407-37CD24ACCA47", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "8F5428AE-6B63-4D27-BCC4-F228264A6F0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*", "matchCriteriaId": "06F122AC-B9BF-4E27-A7C0-F3E7B5E8A907", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.3:alpha2:*:*:*:*:*:*", "matchCriteriaId": "AF1504F2-968F-4E1A-A143-BE494E658DF0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521."}, {"lang": "es", "value": "La funcionalidad verify_exists de la implementaci\u00f3n de URLField en Django en versiones anteriores a 1.2.7 y 1.3.x anteriores a 1.3.1 se basa en librer\u00edas Python que tratan de acceder a URLs arbitrarias sin un temporizador, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de todos los recursos) a trav\u00e9s de una URL asociada con (1) una respuesta lenta, (2) una conexi\u00f3n TCP completa sin datos enviados o (3) una gran cantidad de datos de aplicaci\u00f3n. Un problema relacionado con CVE-2011-1521."}], "id": "CVE-2011-4137", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-10-19T10:55:04.207", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/09/11/1"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/09/13/2"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2011/09/15/5"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/46614"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2332"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"}, {"source": "cve@mitre.org", "url": "https://hermes.opensuse.org/messages/14700881"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2011/sep/09/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/09/11/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/09/13/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/09/15/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46614"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2332"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737366"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/14700881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2011/sep/09/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.djangoproject.com/weblog/2011/sep/10/127/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}