PT-2015-1975 · Django Software Foundation+2 · Django+2

Lin Hua Cheng · Published 2015-08-18 · Updated 2022-05-17 · CVE-2015-5964

CVSS v4.0: 6.6 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions

Django versions 1.4.x through 1.4.21
Django versions 1.7.x through 1.7.9

Description

The issue is a resource management error in the contrib.sessions.backends.base.SessionBase.flush and cache_db.SessionStore.flush functions of the Django framework. Under certain conditions, a remote attacker can exploit it to consume session store resources, leading to a denial of service.

Recommendations

For Django versions 1.4.x through 1.4.21, update to version 1.4.22 or later.
For Django versions 1.7.x through 1.7.9, update to version 1.7.10 or later.

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1872
BDU:2015-11321
CVE-2015-5964
DLA-301-1
DSA-3338-1
GHSA-X38M-486C-2WR9
MGASA-2015-0327
PYSEC-2015-23
RHSA-2015:1766
RHSA-2015:1767
RHSA-2015:1894
USN-2720-1

Affected Products

Alt Linux
Django
Ubuntu