Описание
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-django | Not affected | ||
| Red Hat Subscription Asset Manager | Django | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | python-django | Fixed | RHSA-2015:1686 | 25.08.2015 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | python-django | Fixed | RHSA-2015:1686 | 25.08.2015 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | python-django | Fixed | RHSA-2015:1678 | 24.08.2015 |
Показывать по
Дополнительная информация
Статус:
5 Medium
CVSS2
Связанные уязвимости
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7 ...
Django Denial-of-service by filling session store
Уязвимость программной платформы для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании
5 Medium
CVSS2