Description
Django Denial-of-service by filling session store
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-5143
- https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
- https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
- https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
- https://github.com/advisories/GHSA-h582-2pch-3xv3
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
- https://security.gentoo.org/glsa/201510-06
- https://www.djangoproject.com/weblog/2015/jul/08/security-releases
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
- http://rhn.redhat.com/errata/RHSA-2015-1678.html
- http://rhn.redhat.com/errata/RHSA-2015-1686.html
- http://www.debian.org/security/2015/dsa-3305
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.ubuntu.com/usn/USN-2671-1
Packages
Django: affected < 1.4.21; fixed in 1.4.21
Django: affected >= 1.5, < 1.7.9; fixed in 1.7.9
Django: affected >= 1.8, < 1.8.3; fixed in 1.8.3
Related vulnerabilities
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7 ...
A vulnerability in the Django web application framework that allows an attacker to cause a denial of service