CVE-2007-5712 - Vulnerability Details - OpenCVE

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Django Project	Django

Configuration 1 [-]

OR	cpe:2.3:a:django_project:django:0.91:::::::*
	cpe:2.3:a:django_project:django:0.95:::::::*
	cpe:2.3:a:django_project:django:0.95.1:::::::*
	cpe:2.3:a:django_project:django:0.96:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/27435
http://secunia.com/advisories/27597
http://secunia.com/advisories/31961
http://sourceforge.net/forum/forum.php?forum_id=749199
http://www.debian.org/security/2008/dsa-1640
http://www.djangoproject.com/weblog/2007/oct/26/security-fix
http://www.securityfocus.com/bid/26227
http://www.vupen.com/english/advisories/2007/3660
http://www.vupen.com/english/advisories/2007/3661
https://exchange.xforce.ibmcloud.com/vulnerabilities/38143
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-30T19:00:00

Updated: 2024-08-07T15:39:13.639Z

Reserved: 2007-10-30T00:00:00

Link: CVE-2007-5712

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-30T19:46:00.000

Modified: 2024-11-21T00:38:31.333

Link: CVE-2007-5712

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-29T00:00:00", "descriptions": [{"lang": "en", "value": "The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-3660", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3660"}, {"name": "FEDORA-2007-3157", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html"}, {"name": "DSA-1640", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1640"}, {"name": "27435", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27435"}, {"name": "FEDORA-2007-2788", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html"}, {"name": "26227", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26227"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/forum/forum.php?forum_id=749199"}, {"name": "django-i18n-dos(38143)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38143"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.djangoproject.com/weblog/2007/oct/26/security-fix"}, {"name": "31961", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31961"}, {"name": "ADV-2007-3661", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3661"}, {"name": "27597", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27597"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5712", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-3660", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3660"}, {"name": "FEDORA-2007-3157", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html"}, {"name": "DSA-1640", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1640"}, {"name": "27435", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27435"}, {"name": "FEDORA-2007-2788", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html"}, {"name": "26227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26227"}, {"name": "http://sourceforge.net/forum/forum.php?forum_id=749199", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=749199"}, {"name": "django-i18n-dos(38143)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38143"}, {"name": "http://www.djangoproject.com/weblog/2007/oct/26/security-fix", "refsource": "CONFIRM", "url": "http://www.djangoproject.com/weblog/2007/oct/26/security-fix"}, {"name": "31961", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31961"}, {"name": "ADV-2007-3661", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3661"}, {"name": "27597", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27597"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:39:13.639Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-3660", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3660"}, {"name": "FEDORA-2007-3157", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html"}, {"name": "DSA-1640", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1640"}, {"name": "27435", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27435"}, {"name": "FEDORA-2007-2788", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html"}, {"name": "26227", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26227"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/forum/forum.php?forum_id=749199"}, {"name": "django-i18n-dos(38143)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38143"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.djangoproject.com/weblog/2007/oct/26/security-fix"}, {"name": "31961", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31961"}, {"name": "ADV-2007-3661", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3661"}, {"name": "27597", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27597"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5712", "datePublished": "2007-10-30T19:00:00", "dateReserved": "2007-10-30T00:00:00", "dateUpdated": "2024-08-07T15:39:13.639Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:django_project:django:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "B1CE5394-8883-47DB-9214-CCDD05811179", "vulnerable": true}, {"criteria": "cpe:2.3:a:django_project:django:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "1D617048-648D-4EA1-A779-F6B157AB641E", "vulnerable": true}, {"criteria": "cpe:2.3:a:django_project:django:0.95.1:*:*:*:*:*:*:*", "matchCriteriaId": "51EFF769-F2BE-4132-B21E-C0C2974F6BA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "3F54F75F-B2BC-4A44-B93B-DB75856BEC45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers."}, {"lang": "es", "value": "El framework de internacionalizaci\u00f3n (i18n) en Django versiones 0.91, 0.95, 0.95.1 y 0.96, tal y como es usado en otros productos como PyLucid, cuando la opci\u00f3n USE_I18N y el componente i18n est\u00e1n habilitados, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) por medio de muchas peticiones HTTP con encabezados Accept-Language largos."}], "id": "CVE-2007-5712", "lastModified": "2024-11-21T00:38:31.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-30T19:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27435"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27597"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31961"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/forum/forum.php?forum_id=749199"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.debian.org/security/2008/dsa-1640"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.djangoproject.com/weblog/2007/oct/26/security-fix"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26227"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3660"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3661"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38143"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/forum/forum.php?forum_id=749199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.debian.org/security/2008/dsa-1640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.djangoproject.com/weblog/2007/oct/26/security-fix"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38143"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}