CVE-2015-0222

Published: 16/01/2015 Updated: 22/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

ModelMultipleChoiceField in Django 1.6.x prior to 1.6.10 and 1.7.x prior to 1.7.3, when show_hidden_initial is set to True, allows remote malicious users to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.

Vulnerable Product

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 10.04

canonical ubuntu linux 14.10

djangoproject django 1.6.4

djangoproject django 1.6.5

djangoproject django 1.7.2

djangoproject django 1.6

djangoproject django 1.6.1

djangoproject django 1.6.8

djangoproject django 1.6.9

djangoproject django 1.6.2

djangoproject django 1.6.3

djangoproject django 1.7

djangoproject django 1.7.1

djangoproject django

djangoproject django 1.6.6

djangoproject django 1.6.7

Vendor Advisories

Debian Bug report logs - #775375 python-django: CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 CVE-2015-0222 Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 14 Jan 2015 ...
USN-2469-1 caused a regression in Django ...
Several security issues were fixed in Django ...
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries ...