The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2011-01-10T19:18:00
Updated: 2024-08-07T03:51:17.300Z
Reserved: 2010-12-09T00:00:00
Link: CVE-2010-4535
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-01-10T20:00:16.937
Modified: 2024-11-21T01:21:09.703
Link: CVE-2010-4535
Redhat
No data.