CVE-2013-1443

Published: 23/09/2013 Updated: 28/01/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The authentication framework (django.contrib.auth) in Django 1.4.x prior to 1.4.8, 1.5.x prior to 1.5.4, and 1.6.x prior to 1.6 beta 4 allows remote malicious users to cause a denial of service (CPU consumption) via a long password which is then hashed.

Vulnerable Product

djangoproject django 1.4.5

djangoproject django 1.4.6

djangoproject django 1.4

djangoproject django 1.4.1

djangoproject django 1.4.2

djangoproject django 1.4.4

djangoproject django 1.4.7

djangoproject django 1.6

djangoproject django 1.5

djangoproject django 1.5.3

djangoproject django 1.5.1

djangoproject django 1.5.2

Vendor Advisories

Debian Bug report logs - #723043 python-django: CVE-2013-1443: denial-of-service via large passwords. Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django (PTS, buildd, popcon). Reported by: Henri Salo ...
Several security issues were fixed in Django ...
It was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords. A non-authenticated remote attacker could mount a denial of service by submitting arbitrarily large passwords, tying up server resources in the expensive computation of the corresponding hashes to v ...
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed ...