pysec-2015-22
Vulnerability from pysec
Published
2015-08-24 14:59
Modified
2021-07-15 02:22
Details
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "django",
"purl": "pkg:pypi/django"
},
"ranges": [
{
"events": [
{
"introduced": "1.8"
},
{
"fixed": "1.8.4"
},
{
"introduced": "1.7"
},
{
"fixed": "1.7.10"
},
{
"introduced": "1.4"
},
{
"fixed": "1.4.22"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.4",
"1.4.1",
"1.4.10",
"1.4.11",
"1.4.12",
"1.4.13",
"1.4.14",
"1.4.15",
"1.4.16",
"1.4.17",
"1.4.18",
"1.4.19",
"1.4.2",
"1.4.20",
"1.4.21",
"1.4.3",
"1.4.4",
"1.4.5",
"1.4.6",
"1.4.7",
"1.4.8",
"1.4.9",
"1.7",
"1.7.1",
"1.7.2",
"1.7.3",
"1.7.4",
"1.7.5",
"1.7.6",
"1.7.7",
"1.7.8",
"1.7.9",
"1.8",
"1.8.1",
"1.8.2",
"1.8.3"
]
}
],
"aliases": [
"CVE-2015-5963"
],
"details": "contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.",
"id": "PYSEC-2015-22",
"modified": "2021-07-15T02:22:09.927134Z",
"published": "2015-08-24T14:59:00Z",
"references": [
{
"type": "ARTICLE",
"url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/"
},
{
"type": "ADVISORY",
"url": "http://www.ubuntu.com/usn/USN-2720-1"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76428"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"
},
{
"type": "ADVISORY",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html"
},
{
"type": "ADVISORY",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html"
},
{
"type": "ADVISORY",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033318"
},
{
"type": "ADVISORY",
"url": "http://www.debian.org/security/2015/dsa-3338"
},
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2015:1876"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.