N/A

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.

N/A

N/A

Django ‘verify_exists’函数资源管理错误漏洞

Django是Django软件基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django 1.2.7之前版本和1.3.1之前的1.3.x版本的URLField安装启用中的verify_exists函数存在资源管理错误漏洞。由于依赖Python库尝试没有超时地访问任意URL，远程攻击者可借助(1)一个与缓慢请求, (2)一个与没有应用程序数据发送连接的完整TCP,或者(3)超大数量的应用程序数据相关的URL导致拒绝服务(资源消耗)。

N/A

N/A