Home > Vulnerability Database > CVE-2011-4137

Mend.io Vulnerability Database

CVE-2011-4137

Good to know:

Date: October 19, 2011

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.

Language: Python

Severity Score

5.3

Related Resources (18)

Url: https://hermes.opensuse.org/messages/14700881

Url: https://github.com/django/django/commit/7268f8af86186518821d775c530d5558fd726930

Url: https://www.djangoproject.com/weblog/2011/sep/09/

Url: http://openwall.com/lists/oss-security/2011/09/11/1

Url: https://github.com/django/django/commit/1a76dbefdfc60e2d5954c0ba614c3d054ba9c3f0

Url: http://openwall.com/lists/oss-security/2011/09/13/2

Url: https://github.com/advisories/GHSA-3jqw-crqj-w8qw

Url: https://www.djangoproject.com/weblog/2011/sep/09

Url: https://www.djangoproject.com/weblog/2011/sep/10/127

Url: https://github.com/django/django

Url: http://www.debian.org/security/2011/dsa-2332

Url: https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-2.yaml

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-4137

Url: https://www.djangoproject.com/weblog/2011/sep/10/127/

Url: https://bugzilla.redhat.com/show_bug.cgi?id=737366

Url: http://secunia.com/advisories/46614

Url: http://openwall.com/lists/oss-security/2011/09/15/5

Url: https://www.mend.io/vulnerability-database/CVE-2011-4137

Severity Score

5.3

Weakness Type (CWE)

Resource Management Errors

CWE-399

Synchronous Access of Remote Resource without Timeout

CWE-1088

Top Fix

Upgrade Version

Upgrade to version 1.2.7,1.3.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-4137

Good to know:

Date: October 19, 2011

Language: Python

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?