PT-2015-1974 · Django Software Foundation · Django

Credit: Lin Hua Cheng · Published: 2015-08-18 · Updated: 2026-01-03 · CVE-2015-5963

CVSS v4.0: 6.6 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions

Django 1.4.x through 1.4.21
Django 1.7.x through 1.7.9
Django 1.8.x through 1.8.3
Description

The contrib.sessions.middleware.SessionMiddleware component of the Django web application framework mishandles session resources. When an anonymous request reaches the contrib.auth.views.logout view, the view flushes a session that holds nothing, and the middleware then persists a new, empty session record anyway. A remote, unauthenticated attacker can send a large number of requests to the logout endpoint; each one creates another empty record, consuming session store capacity or, with cache-based session backends, causing legitimate users' session records to be removed. The result is a denial of service.
Recommendations

For Django 1.4.x through 1.4.21, update to 1.4.22 or later. For Django 1.7.x through 1.7.9, update to 1.7.10 or later. For Django 1.8.x through 1.8.3, update to 1.8.4 or later. As a temporary workaround, restrict access to the contrib.auth.views.logout endpoint so that anonymous requests never reach it, for example by wrapping the view with django.contrib.auth.decorators.login_required as the admin's own logout view is; an anonymous request is then redirected before the session is touched, and no record is created.
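The mechanism described above, as an added example written for this page and not Django's own code: a simplified model of the session middleware's response handling, the logout view and a session store, with the pre-fix and post-fix behaviour side by side. The SessionStore, Session, Request and Response classes, the is_empty() check and the login_required decorator are stand-ins written here (some share names with Django classes but are not them); the session store is a constructed in-memory dict.

```python
from dataclasses import dataclass, field
from typing import Optional
import secrets


class SessionStore:
    """Constructed in-memory stand-in for a Django session backend."""

    def __init__(self) -> None:
        self.records = {}  # session_key -> copy of the session data

    def save(self, key: str, data: dict) -> None:
        self.records[key] = dict(data)

    def __len__(self) -> int:
        return len(self.records)


@dataclass
class Session:
    store: SessionStore
    session_key: Optional[str] = None
    data: dict = field(default_factory=dict)
    modified: bool = False

    def __setitem__(self, key: str, value) -> None:
        self.data[key] = value
        self.modified = True

    def is_empty(self) -> bool:
        # The check the fix relies on: no key issued and nothing stored.
        return self.session_key is None and not self.data

    def flush(self) -> None:
        # logout() flushes the session. For an anonymous request there is
        # nothing to discard, yet the session is now flagged as modified.
        self.data = {}
        self.session_key = None
        self.modified = True

    def save(self) -> None:
        if self.session_key is None:
            self.session_key = secrets.token_hex(16)
        self.store.save(self.session_key, self.data)


@dataclass
class Request:
    session: Session


@dataclass
class Response:
    status: int = 200
    cookies: dict = field(default_factory=dict)


def logout_view(request: Request) -> Response:
    request.session.flush()
    return Response()


def process_response_vulnerable(request: Request, response: Response) -> Response:
    """Pre-fix behaviour (modelled): every modified session is persisted,
    so each anonymous logout leaves one empty record behind."""
    session = request.session
    if session.modified:
        session.save()
        response.cookies["sessionid"] = session.session_key
    return response


def process_response_fixed(request: Request, response: Response) -> Response:
    """Fixed behaviour (modelled): an empty session is never written; the
    middleware instead drops any session cookie it would have set."""
    session = request.session
    if session.is_empty():
        response.cookies.pop("sessionid", None)
        return response
    if session.modified:
        session.save()
        response.cookies["sessionid"] = session.session_key
    return response


def login_required(view):
    """Workaround in the spirit of the advisory (hypothetical decorator):
    turn anonymous requests away before the view can touch the session."""
    def wrapped(request: Request) -> Response:
        if "user_id" not in request.session.data:
            return Response(status=302)  # redirect to login; session untouched
        return view(request)
    return wrapped


def flood_logout(process_response, view, n: int) -> int:
    """Send n anonymous requests to `view`; return how many records remain."""
    store = SessionStore()
    for _ in range(n):
        request = Request(Session(store))  # no cookie, no data: anonymous
        process_response(request, view(request))
    return len(store)


def login_and_count(process_response) -> int:
    """A request that really stores data must still be persisted."""
    store = SessionStore()
    request = Request(Session(store))
    request.session["user_id"] = 42
    process_response(request, Response())
    return len(store)
```

Running flood_logout with the vulnerable handler leaves one record per request, with the fixed handler none, and wrapping the view in login_required stops the flood even on the vulnerable handler; login_and_count shows the fixed handler still persists sessions that carry data.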

Tags: Fix · DoS

Weakness Enumeration

Allocation of Resources Without Limits or Throttling (CWE-770)

Related Identifiers

ALT-PU-2015-1872
BDU:2015-11320
CVE-2015-5963
DLA-301-1
DSA-3338-1
GHSA-PGXH-WFW4-JX2V
MGASA-2015-0327
OPENSUSE-SU-2023:0077-1
OPENSUSE-SU-2024:10066-1
OPENSUSE-SU-2024:11205-1
OPENSUSE-SU-2024:13887-1
OPENSUSE-SU-2024:14208-1
OPENSUSE-SU-2026:10005-1
PYSEC-2015-22
RHSA-2015:1766
RHSA-2015:1767
RHSA-2015:1876
RHSA-2015:1894
SUSE-SU-2015:1810-1
SUSE-SU-2015:1815-1
SUSE-SU-2016:0044-1
USN-2720-1

Affected Products

Alt Linux
Django
Ubuntu