CVE-2015-3982
published 2015-06-02

Priority P428 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 1.75% (75.0th percentile)
The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key.

Affected

5 ranges

Vendor          Product          Version range        Fixed in
debian          python-django
djangoproject   django
djangoproject   django
djangoproject   django           >= 1.8 < 1.8.2       1.8.2
djangoproject   django           >= 1.8a1 < 1.8.2     1.8.2

CVSS provenance

nvd             v2.0   5.0   MEDIUM   AV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_debian          5.0   LOW
vendor_redhat          5.0   MEDIUM