CVE-2014-0481 — MEDIUM (4.3)

Q: How severe is CVE-2014-0481?

CVE-2014-0481 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0481?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Opensuse Project Opensuse, Djangoproject Django, Debian Debian Linux.

Vulnerability Description

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Opensuse	Opensuse	13.1
Opensuse Project	Opensuse	12.3
Djangoproject	Django	<= 1.4.13
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-399

References

http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.htmlThird Party Advisory
http://secunia.com/advisories/59782
http://secunia.com/advisories/61276
http://secunia.com/advisories/61281
http://www.debian.org/security/2014/dsa-3010Third Party Advisory
https://www.djangoproject.com/weblog/2014/aug/20/security/PatchVendor Advisory
http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.htmlThird Party Advisory
http://secunia.com/advisories/59782
http://secunia.com/advisories/61276
http://secunia.com/advisories/61281
http://www.debian.org/security/2014/dsa-3010Third Party Advisory
https://www.djangoproject.com/weblog/2014/aug/20/security/PatchVendor Advisory

FAQ

What is CVE-2014-0481?

CVE-2014-0481 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation...

How severe is CVE-2014-0481?

CVE-2014-0481 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0481?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Opensuse Project Opensuse, Djangoproject Django, Debian Debian Linux.