The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Oracle
  • Solaris
Canonical
  • Ubuntu Linux
Djangoproject
  • Django

Configuration 1 [-]

OR cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.19:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.20:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.4.21:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:beta1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:beta2:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:beta3:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:beta4:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:rc1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:rc2:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8:beta1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
http://rhn.redhat.com/errata/RHSA-2015-1766.html
http://rhn.redhat.com/errata/RHSA-2015-1767.html
http://rhn.redhat.com/errata/RHSA-2015-1894.html
http://www.debian.org/security/2015/dsa-3338
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory
http://www.securityfocus.com/bid/76440
http://www.securitytracker.com/id/1033318
http://www.ubuntu.com/usn/USN-2720-1 Third Party Advisory
https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-08-24T14:00:00

Updated: 2016-12-22T18:57:01

Reserved: 2015-08-07T00:00:00

Link: CVE-2015-5964

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2015-08-24T14:59:09.837

Modified: 2016-12-24T02:59:31.793

Link: CVE-2015-5964

JSON object: View

cve-icon Redhat Information

No data.

CWE