Description
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
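The missing length check described above, sketched as an added example (this is not Django's code and not part of the original entry): the unbounded decoder is shown beside a bounded one. The 13-digit cap, the function names and the `<timestamp_b36>-<hash>` token layout are assumptions made for illustration.

```python
import string

# Assumption (not from the page): cap the field at 13 base36 digits.
# 36**13 - 1 is about 1.7e20, already larger than a signed 64-bit integer,
# so no legitimate timestamp needs more digits than that.
MAX_B36_LEN = 13
_B36_ALPHABET = frozenset(string.digits + string.ascii_lowercase)


def base36_to_int_unbounded(s):
    """'Before' form: converts input of any length, so the work done
    grows with whatever size string the URL supplies."""
    return int(s, 36)


def base36_to_int_bounded(s, max_len=MAX_B36_LEN):
    """Hardened form: reject oversize or non-base36 input before converting."""
    if not isinstance(s, str) or not 0 < len(s) <= max_len:
        raise ValueError("base36 value missing or too long")
    s = s.lower()
    # int() also accepts signs, whitespace and underscores; refuse them here.
    if not set(s) <= _B36_ALPHABET:
        raise ValueError("non-base36 character in input")
    return int(s, 36)


def parse_reset_timestamp(token):
    """Decode the timestamp from a hypothetical '<timestamp_b36>-<hash>' token.

    Returns None for any malformed token so the caller can respond with one
    generic 'invalid link' result instead of an error page.
    """
    ts_b36, sep, digest = token.partition("-")
    if not sep or not digest:
        return None
    try:
        return base36_to_int_bounded(ts_b36)
    except ValueError:
        return None
```

Checking the length before conversion keeps the cost of handling a reset URL constant regardless of how long the attacker-supplied field is.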
Remediation
References