CVE-2007-5712
First published: Tue Oct 30 2007(Updated: )
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/Django | =0.91.0 | 0.91.1 |
| pip/Django | =0.96.0 | 0.96.1 |
| pip/Django | >=0.95<0.95.2 | 0.95.2 |
| Django | =0.91 | |
| Django | =0.95.1 | |
| Django | =0.96 | |
| Django | =0.95 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.djangoproject.com/weblog/2007/oct/26/security-fix
- http://secunia.com/advisories/27435
- http://sourceforge.net/forum/forum.php?forum_id=749199
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00243.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00257.html
- http://www.securityfocus.com/bid/26227
- http://secunia.com/advisories/27597
- http://www.debian.org/security/2008/dsa-1640
- http://secunia.com/advisories/31961
- http://www.vupen.com/english/advisories/2007/3660
- http://www.vupen.com/english/advisories/2007/3661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38143
- https://nvd.nist.gov/vuln/detail/CVE-2007-5712
- https://web.archive.org/web/20091201070224/http://secunia.com/advisories/27435
- https://web.archive.org/web/20111224195100/http://secunia.com/advisories/27597
- https://web.archive.org/web/20111229085535/http://secunia.com/advisories/31961
- https://web.archive.org/web/20200228183657/http://www.securityfocus.com/bid/26227
- https://github.com/django/django/commit/412ed22502e11c50dbfee854627594f0e7e2c234
- https://github.com/django/django/commit/7dd2dd08a79e388732ce00e2b5514f15bd6d0f6f
- https://github.com/django/django/commit/8bc36e726c9e8c75c681d3ad232df8e882aaac81
- https://github.com/advisories/GHSA-9v8h-57gv-qch6 (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2007-1.yaml
Frequently Asked Questions
What is the severity of CVE-2007-5712?
CVE-2007-5712 is rated as a high vulnerability due to its ability to facilitate denial of service attacks through memory consumption.
How do I fix CVE-2007-5712?
To mitigate CVE-2007-5712, upgrade to Django version 0.91.1, 0.95.2, or 0.96.1.
What versions of Django are affected by CVE-2007-5712?
CVE-2007-5712 affects Django versions 0.91, 0.95, 0.95.1, and 0.96.
Can CVE-2007-5712 be exploited without authenticated access?
Yes, CVE-2007-5712 can be exploited remotely without the need for authentication by sending multiple large HTTP requests.
What are the symptoms of an attack using CVE-2007-5712?
Symptoms of an attack exploiting CVE-2007-5712 may include significant slowdowns or unresponsiveness of the affected Django application due to memory exhaustion.
- agent/type
- agent/weakness
- agent/remedy
- agent/description
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-9v8h-57gv-qch6
- alias/CVE-2007-5712
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/last-modified-date
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/pip
- vendor/django project
- canonical/django
- version/django/0.91
- version/django/0.95.1
- version/django/0.96
- version/django/0.95