CVE-2011-4137 - Resource Management Errors vulnerability in Djangoproject Django
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2012-294.NASL
- description: python-django update version to 1.2.7 fixes several security issues including denial of service, CSRF and information leaks: https://www.djangoproject.com/weblog/2011/sep/10/127/
- last seen: 2020-06-05
- modified: 2014-06-13
- plugin id: 74633
- published: 2014-06-13
- reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/74633
- title: openSUSE Security Update : python-django (openSUSE-SU-2012:0653-1)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-2332.NASL
- description: Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework : - CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session. - CVE-2011-4137, CVE-2011-4138 Django
- last seen: 2020-03-17
- modified: 2011-10-31
- plugin id: 56671
- published: 2011-10-31
- reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/56671
- title: Debian DSA-2332-1 : python-django - several issues

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-1297-1.NASL
- description: Paul McMillan discovered that Django used the root namespace when storing cached session data. A remote attacker could exploit this to modify sessions. (CVE-2011-4136) Paul McMillan discovered that Django would not time out on arbitrary URLs when the application used URLFields. This could be exploited by a remote attacker to cause a denial of service via resource exhaustion. (CVE-2011-4137) Paul McMillan discovered that while Django would check the validity of a URL via a HEAD request, it would instead use a GET request for the target of a redirect. This could potentially be used to trigger arbitrary GET requests via a crafted Location header. (CVE-2011-4138) It was discovered that Django would sometimes use a request
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 57061
- published: 2011-12-09
- reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/57061
- title: Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : python-django vulnerabilities (USN-1297-1)
References
- http://openwall.com/lists/oss-security/2011/09/11/1
- http://openwall.com/lists/oss-security/2011/09/13/2
- http://openwall.com/lists/oss-security/2011/09/15/5
- http://secunia.com/advisories/46614
- http://www.debian.org/security/2011/dsa-2332
- https://bugzilla.redhat.com/show_bug.cgi?id=737366
- https://hermes.opensuse.org/messages/14700881
- https://www.djangoproject.com/weblog/2011/sep/09/
- https://www.djangoproject.com/weblog/2011/sep/10/127/