CVE-2013-0306

Published: 02/05/2013 Updated: 15/05/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The form library in Django 1.3.x prior to 1.3.6, 1.4.x prior to 1.4.4, and 1.5 before release candidate 2 allows remote malicious users to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.

Vulnerable Product

djangoproject django 1.3.2

djangoproject django 1.3.3

djangoproject django 1.3

djangoproject django 1.3.1

djangoproject django 1.4

djangoproject django 1.4.1

djangoproject django 1.4.2

djangoproject django 1.5

canonical ubuntu linux 12.04

canonical ubuntu linux 12.10

canonical ubuntu linux 11.10

canonical ubuntu linux 10.04

Vendor Advisories

Synopsis: Moderate: Django security update. Type/Severity: Security Advisory: Moderate. Topic: Updated Django packages that fix multiple security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability S ...
Debian Bug report logs - #701186 python-django: CVE-2013-0305 CVE-2013-0306. Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django. Reported by: Moritz Muehlenhoff <jmm@inutil.org> ...
Several security issues were fixed in Django ...