PT-2015-2245 · Django Software Foundation+2 · Django+2

Eric Peterson

Published

2015-07-08

Updated

2019-07-05

CVE-2015-5143

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Django versions 1.5.x through 1.6.x Django versions 1.7.x before 1.7.9 Django versions 1.8.x before 1.8.3 Django versions prior to 1.4.21

Description The issue is related to resource management errors in the Django web application platform. It can be exploited by a remote attacker to cause a denial of service by creating multiple requests with unique session keys, leading to session store consumption.

Recommendations For Django versions 1.5.x through 1.6.x, update to a version outside of this range to resolve the issue. For Django versions 1.7.x before 1.7.9, update to version 1.7.9 or later. For Django versions 1.8.x before 1.8.3, update to version 1.8.3 or later. For Django versions prior to 1.4.21, update to version 1.4.21 or later.

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-770

Related Identifiers

ALT-PU-2015-1872

BDU:2015-11591

CVE-2015-5143

DLA-272-1

DSA-3305-1

GHSA-H582-2PCH-3XV3

MGASA-2015-0293

PYSEC-2015-20

RHSA-2015:1678

RHSA-2015:1686

SUSE-SU-2015:1810-1

SUSE-SU-2015:1815-1

SUSE-SU-2016:0044-1

USN-2671-1

Affected Products

Alt Linux

Django

Ubuntu

PT-2015-2245 · Django Software Foundation+2 · Django+2

CVE-2015-5143

Weakness Enumeration

Related Identifiers

Affected Products

References · 50