CVE-2015-5963 — Allocation of Resources Without Limits or Throttling in Django
Severity
5.0MEDIUMNVD
EPSS
5.2%
top 10.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 24
Latest updateMay 17
Description
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9
Affected Packages3 packages
Also affects: Ubuntu Linux 12.04, 14.04, 15.04
Patches
🔴Vulnerability Details
4📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2015-5963 python-django: Denial-of-service possibility in logout() view by filling session store [fedora-all]↗2015-08-19
Bugzilla▶
CVE-2015-5963 python-django: Denial-of-service possibility in logout() view by filling session store↗2015-08-12
Bugzilla▶
CVE-2015-5964 python-django: Denial-of-service possibility in logout() view by filling session store↗2015-08-12