Launchpad.net

CVE 2007-5712

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.

Related bugs and status

CVE-2007-5712 (Candidate) is related to these bugs:

Bug #157903: security vulnerabiity in django i18n system

		In	Importance	Status
157903	security vulnerabiity in django i18n system	python-django (Ubuntu)	Medium	Fix Released
157903	security vulnerabiity in django i18n system	python-django (Ubuntu Feisty)	Undecided	Fix Released
157903	security vulnerabiity in django i18n system	python-django (Ubuntu Gutsy)	Undecided	Fix Released
157903	security vulnerabiity in django i18n system	python-django (Ubuntu Hardy)	Medium	Fix Released
157903	security vulnerabiity in django i18n system	python-django (Debian)	Unknown	Fix Released
157903	security vulnerabiity in django i18n system	Feisty Backports	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.djangoproje...
SECUNIA: 27435
BID: 26227
CONFIRM: http://sourceforge.net...
FEDORA: FEDORA-2007-2788
FEDORA: FEDORA-2007-3157
SECUNIA: 27597
DEBIAN: DSA-1640
SECUNIA: 31961
VUPEN: ADV-2007-3660
VUPEN: ADV-2007-3661
XF: django-i18n-dos(38143)