contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Django | Djangoproject | 1.4.12 | 1.4.12 |
Django | Djangoproject | 1.7.5 | 1.7.5 |
Django | Djangoproject | 1.7.9 | 1.7.9 |
Django | Djangoproject | 1.7.3 | 1.7.3 |
Django | Djangoproject | 1.4.9 | 1.4.9 |
Django | Djangoproject | 1.8.2 | 1.8.2 |
Django | Djangoproject | 1.7 | 1.7 |
Django | Djangoproject | 1.7 | 1.7 |
Django | Djangoproject | 1.7 | 1.7 |
Django | Djangoproject | 1.7.7 | 1.7.7 |
Django | Djangoproject | 1.8.1 | 1.8.1 |
Django | Djangoproject | 1.8 | 1.8 |
Django | Djangoproject | 1.4.10 | 1.4.10 |
Django | Djangoproject | 1.8.3 | 1.8.3 |
Django | Djangoproject | 1.4.6 | 1.4.6 |
Django | Djangoproject | 1.4.20 | 1.4.20 |
Django | Djangoproject | 1.7.2 | 1.7.2 |
Django | Djangoproject | 1.7.4 | 1.7.4 |
Django | Djangoproject | 1.4.4 | 1.4.4 |
Django | Djangoproject | 1.7.8 | 1.7.8 |
Django | Djangoproject | 1.4.13 | 1.4.13 |
Django | Djangoproject | 1.4.5 | 1.4.5 |
Django | Djangoproject | 1.4.2 | 1.4.2 |
Django | Djangoproject | 1.4.11 | 1.4.11 |
Django | Djangoproject | 1.7.6 | 1.7.6 |
Django | Djangoproject | 1.8.0 | 1.8.0 |
Django | Djangoproject | 1.7 | 1.7 |
Django | Djangoproject | 1.4.7 | 1.4.7 |
Django | Djangoproject | 1.4.8 | 1.4.8 |
Django | Djangoproject | 1.7 | 1.7 |
Django | Djangoproject | 1.4 | 1.4 |
Django | Djangoproject | 1.4.19 | 1.4.19 |
Django | Djangoproject | 1.4.21 | 1.4.21 |
Django | Djangoproject | 1.4.1 | 1.4.1 |
Django | Djangoproject | 1.7.1 | 1.7.1 |
Django | Djangoproject | 1.7 | 1.7 |
Django | Djangoproject | 1.4.14 | 1.4.14 |
Django | Djangoproject | 1.4.17 | 1.4.17 |
Django | Djangoproject | 1.7 | 1.7 |