Описание
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
Ссылки
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
5 Medium
CVSS2
Дефекты
Связанные уязвимости
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1 ...
Django denial of service via empty session record creation
Уязвимость фреймворка для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2