PT-2015-2245 · Django Software Foundation+2 · Django+2

Eric Peterson

Publicado

2015-07-08

Atualizado

2019-07-05

CVE-2015-5143

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Django versions 1.5.x through 1.6.x Django versions 1.7.x before 1.7.9 Django versions 1.8.x before 1.8.3 Django versions prior to 1.4.21

Description The issue is related to resource management errors in the Django web application platform. It can be exploited by a remote attacker to cause a denial of service by creating multiple requests with unique session keys, leading to session store consumption.

Recommendations For Django versions 1.5.x through 1.6.x, update to a version outside of this range to resolve the issue. For Django versions 1.7.x before 1.7.9, update to version 1.7.9 or later. For Django versions 1.8.x before 1.8.3, update to version 1.8.3 or later. For Django versions prior to 1.4.21, update to version 1.4.21 or later.

Correção

DoS

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399CWE-770

Identificadores relacionados

ALT-PU-2015-1872

BDU:2015-11591

CVE-2015-5143

DLA-272-1

DSA-3305-1

GHSA-H582-2PCH-3XV3

MGASA-2015-0293

PYSEC-2015-20

RHSA-2015:1678

RHSA-2015:1686

SUSE-SU-2015:1810-1

SUSE-SU-2015:1815-1

SUSE-SU-2016:0044-1

USN-2671-1

Produtos afetados

Alt Linux

Django

Ubuntu

PT-2015-2245 · Django Software Foundation+2 · Django+2

CVE-2015-5143

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 50