CVE Vulnerabilities

CVE-2015-5963

Published: Aug 24, 2015 | Modified: Oct 03, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

Affected Software

Name Vendor Start Version End Version
Django Djangoproject 1.4.12 1.4.12
Django Djangoproject 1.7.5 1.7.5
Django Djangoproject 1.7.9 1.7.9
Django Djangoproject 1.7.3 1.7.3
Django Djangoproject 1.4.9 1.4.9
Django Djangoproject 1.8.2 1.8.2
Django Djangoproject 1.7 1.7
Django Djangoproject 1.7 1.7
Django Djangoproject 1.7 1.7
Django Djangoproject 1.7.7 1.7.7
Django Djangoproject 1.8.1 1.8.1
Django Djangoproject 1.8 1.8
Django Djangoproject 1.4.10 1.4.10
Django Djangoproject 1.8.3 1.8.3
Django Djangoproject 1.4.6 1.4.6
Django Djangoproject 1.4.20 1.4.20
Django Djangoproject 1.7.2 1.7.2
Django Djangoproject 1.7.4 1.7.4
Django Djangoproject 1.4.4 1.4.4
Django Djangoproject 1.7.8 1.7.8
Django Djangoproject 1.4.13 1.4.13
Django Djangoproject 1.4.5 1.4.5
Django Djangoproject 1.4.2 1.4.2
Django Djangoproject 1.4.11 1.4.11
Django Djangoproject 1.7.6 1.7.6
Django Djangoproject 1.8.0 1.8.0
Django Djangoproject 1.7 1.7
Django Djangoproject 1.4.7 1.4.7
Django Djangoproject 1.4.8 1.4.8
Django Djangoproject 1.7 1.7
Django Djangoproject 1.4 1.4
Django Djangoproject 1.4.19 1.4.19
Django Djangoproject 1.4.21 1.4.21
Django Djangoproject 1.4.1 1.4.1
Django Djangoproject 1.7.1 1.7.1
Django Djangoproject 1.7 1.7
Django Djangoproject 1.4.14 1.4.14
Django Djangoproject 1.4.17 1.4.17
Django Djangoproject 1.7 1.7

References