FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

django -- denial-of-service attack

Affected packages
py23-django < 1.1.1
py24-django < 1.1.1
py25-django < 1.1.1
py26-django < 1.1.1
py30-django < 1.1.1
py31-django < 1.1.1
py23-django-devel < 11603,1
py24-django-devel < 11603,1
py25-django-devel < 11603,1
py26-django-devel < 11603,1
py30-django-devel < 11603,1
py31-django-devel < 11603,1

Details

VuXML ID 87917d6f-ba76-11de-bac2-001a4d563a0f
Discovery 2009-10-09
Entry 2009-10-16
Modified 2010-05-02

Django project reports:

Django's forms library includes field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological performance case in these regular expressions, resulting in the server process/thread becoming unresponsive, and consuming excessive CPU over an extended period of time. If deliberately triggered, this could result in an effective denial-of-service attack.

References

CVE Name CVE-2009-3695
URL http://www.djangoproject.com/weblog/2009/oct/09/security/