Description

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.

Remediation

References

CVE-2014-0481

Related Vulnerabilities

WordPress Plugin Security & Malware scan by CleanTalk Security Bypass (2.50)

PmWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1481)

WordPress Plugin Feedweb Unspecified Vulnerability (3.0.7)

Zope Web Application Server CVE-2011-3587 Vulnerability (CVE-2011-3587)

WordPress Plugin Timetable and Event Schedule by MotoPress Unspecified Vulnerability (2.4.3)

Severity

Medium

Classification

CVE-2014-0481

Tags

Missing Update Known Vulnerabilities