Vulnerabilities > CVE-2007-5712 - Resource Management Errors vulnerability in Django Project Django
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2008-4191.NASL description - Mon May 19 2008 Michel Salim <salimma at fedoraproject.org> - 0.96.2-1 - XSS security update: CVE-2008-2302 (bz# 442757-60) - Sat Apr 5 2008 Michel Salim <salimma at fedoraproject.org> - 0.96.1-2 - Package .egg-info file on Fedora >= 9 - Thu Nov 1 2007 Michel Salim <michel.sylvan at gmail.com> 0.96.1-1 - i18n security update: CVE-2007-5712, bz#357051 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 32409 published 2008-05-22 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32409 title Fedora 7 : Django-0.96.2-1.fc7 (2008-4191) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-4191. # include("compat.inc"); if (description) { script_id(32409); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:27"); script_cve_id("CVE-2008-2302"); script_bugtraq_id(29209); script_xref(name:"FEDORA", value:"2008-4191"); script_name(english:"Fedora 7 : Django-0.96.2-1.fc7 (2008-4191)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon May 19 2008 Michel Salim <salimma at fedoraproject.org> - 0.96.2-1 - XSS security update: CVE-2008-2302 (bz# 442757-60) - Sat Apr 5 2008 Michel Salim <salimma at fedoraproject.org> - 0.96.1-2 - Package .egg-info file on Fedora >= 9 - Thu Nov 1 2007 Michel Salim <michel.sylvan at gmail.com> 0.96.1-1 - i18n security update: CVE-2007-5712, bz#357051 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=446402" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/010148.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a2f9c072" ); script_set_attribute( attribute:"solution", value:"Update the affected Django package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(79); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Django"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"Django-0.96.2-1.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Django"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2007-3157.NASL description - Thu Nov 1 2007 Michel Salim <michel.sylvan at gmail.com> 0.96.1-1 - i18n security update: CVE-2007-5712, bz#357051 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28164 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28164 title Fedora 7 : Django-0.96.1-1.fc7 (2007-3157) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-3157. # include("compat.inc"); if (description) { script_id(28164); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2007-5712"); script_bugtraq_id(26227); script_xref(name:"FEDORA", value:"2007-3157"); script_name(english:"Fedora 7 : Django-0.96.1-1.fc7 (2007-3157)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Thu Nov 1 2007 Michel Salim <michel.sylvan at gmail.com> 0.96.1-1 - i18n security update: CVE-2007-5712, bz#357051 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=357051" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=362761" ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004661.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cf5e0e6c" ); script_set_attribute( attribute:"solution", value:"Update the affected Django and / or Django-docs packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Django"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Django-docs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"Django-0.96.1-1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"Django-docs-0.96.1-1.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Django / Django-docs"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2007-2788.NASL description - Bug #362771 - CVE-2007-5712 Django 0.96 i18n DoS [F8] - Bug #357051 - CVE-2007-5712 Django 0.96 i18n DoS - CVE-2007-5712 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28152 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28152 title Fedora 8 : Django-0.96.1-1.fc8 (2007-2788) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-2788. # include("compat.inc"); if (description) { script_id(28152); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2007-5712"); script_bugtraq_id(26227); script_xref(name:"FEDORA", value:"2007-2788"); script_name(english:"Fedora 8 : Django-0.96.1-1.fc8 (2007-2788)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Bug #362771 - CVE-2007-5712 Django 0.96 i18n DoS [F8] - Bug #357051 - CVE-2007-5712 Django 0.96 i18n DoS - CVE-2007-5712 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=357051" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=362771" ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004647.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9480efa8" ); script_set_attribute( attribute:"solution", value:"Update the affected Django and / or Django-docs packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Django"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:Django-docs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"Django-0.96.1-1.fc8")) flag++; if (rpm_check(release:"FC8", reference:"Django-docs-0.96.1-1.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Django / Django-docs"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1640.NASL description Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. This is possible regardless of the Django plugin to prevent cross site request forgery being enabled. The Common Vulnerabilities and Exposures project identifies this issue as CVE-2008-3909. In this update the affected feature is disabled; this is in accordance with upstream last seen 2020-06-01 modified 2020-06-02 plugin id 34253 published 2008-09-23 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34253 title Debian DSA-1640-1 : python-django - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1640. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(34253); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2007-5712", "CVE-2008-3909"); script_bugtraq_id(26227, 29209); script_xref(name:"DSA", value:"1640"); script_name(english:"Debian DSA-1640-1 : python-django - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. This is possible regardless of the Django plugin to prevent cross site request forgery being enabled. The Common Vulnerabilities and Exposures project identifies this issue as CVE-2008-3909. In this update the affected feature is disabled; this is in accordance with upstream's preferred solution for this situation. This update takes the opportunity to also include a relatively minor denial of service attack in the internationalisation framework, known as CVE-2007-5712." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497765" ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448838" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-3909" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-5712" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1640" ); script_set_attribute( attribute:"solution", value: "Upgrade the python-django package. For the stable distribution (etch), these problems have been fixed in version 0.95.1-1etch2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(352, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-django"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"python-django", reference:"0.95.1-1etch2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://secunia.com/advisories/27435
- http://secunia.com/advisories/27597
- http://secunia.com/advisories/31961
- http://sourceforge.net/forum/forum.php?forum_id=749199
- http://www.debian.org/security/2008/dsa-1640
- http://www.djangoproject.com/weblog/2007/oct/26/security-fix
- http://www.securityfocus.com/bid/26227
- http://www.vupen.com/english/advisories/2007/3660
- http://www.vupen.com/english/advisories/2007/3661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38143
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html