NVD

Id
15787  
Name
CVE-2010-4535  
Description
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-18  
Published
2011-01-10  
Modified Date
2011-01-20  
Seq
2010-4535  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
89489 15787 CVE-2010-4535 http://code.djangoproject.com/changeset/15032  View
89490 15787 CVE-2010-4535 FEDORA-2011-0096  View
89491 15787 CVE-2010-4535 FEDORA-2011-0120  View
89492 15787 CVE-2010-4535 http://www.djangoproject.com/weblog/2010/dec/22/security/  View
89493 15787 CVE-2010-4535 [oss-security] 20101223 CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws  View
89494 15787 CVE-2010-4535 [oss-security] 20110103 Re: CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws  View
89495 15787 CVE-2010-4535 45563  View
89496 15787 CVE-2010-4535 USN-1040-1  View
89497 15787 CVE-2010-4535 ADV-2011-0048  View
89498 15787 CVE-2010-4535 ADV-2011-0098  View
89499 15787 CVE-2010-4535 https://bugzilla.redhat.com/show_bug.cgi?id=665373  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
37720 JVNDB-2010-003505 Django のパスワードリセット機能におけるサービス運用妨害 (DoS) の脆弱性 Django の django.contrib.auth のパスワードリセット機能は、base36 タイムスタンプを表す文字列の長さを検証しないため、サービス運用妨害 (リソース消費) 状態となる脆弱性が存在します。 CVE-2010-4535 47115 CVE-2010-4535 15787 5 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003505.html 2010-12-22 2012-03-27 View