Lucene search

[email protected]NVD:CVE-2015-5964

HistoryAug 24, 2015 - 2:59 p.m.

CVE-2015-5964

2015-08-2414:59:09

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

Affected configurations

NVD

Node

djangoprojectdjangoMatch1.4

djangoprojectdjangoMatch1.4.1

djangoprojectdjangoMatch1.4.2

djangoprojectdjangoMatch1.4.4

djangoprojectdjangoMatch1.4.5

djangoprojectdjangoMatch1.4.6

djangoprojectdjangoMatch1.4.7

djangoprojectdjangoMatch1.4.8

djangoprojectdjangoMatch1.4.9

djangoprojectdjangoMatch1.4.10

djangoprojectdjangoMatch1.4.11

djangoprojectdjangoMatch1.4.12

djangoprojectdjangoMatch1.4.13

djangoprojectdjangoMatch1.4.14

djangoprojectdjangoMatch1.4.17

djangoprojectdjangoMatch1.4.19

djangoprojectdjangoMatch1.4.20

djangoprojectdjangoMatch1.4.21

djangoprojectdjangoMatch1.7beta1

djangoprojectdjangoMatch1.7beta2

djangoprojectdjangoMatch1.7beta3

djangoprojectdjangoMatch1.7beta4

djangoprojectdjangoMatch1.7rc1

djangoprojectdjangoMatch1.7rc2

djangoprojectdjangoMatch1.7rc3

djangoprojectdjangoMatch1.7.1

djangoprojectdjangoMatch1.7.2

djangoprojectdjangoMatch1.7.3

djangoprojectdjangoMatch1.7.4

djangoprojectdjangoMatch1.7.5

djangoprojectdjangoMatch1.7.6

djangoprojectdjangoMatch1.7.7

djangoprojectdjangoMatch1.7.8

djangoprojectdjangoMatch1.7.9

djangoprojectdjangoMatch1.8beta1

djangoprojectdjangoMatch1.8.0

djangoprojectdjangoMatch1.8.1

djangoprojectdjangoMatch1.8.2

djangoprojectdjangoMatch1.8.3

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

Node

oraclesolarisMatch11.3

References

lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html

rhn.redhat.com/errata/RHSA-2015-1766.html

rhn.redhat.com/errata/RHSA-2015-1767.html

rhn.redhat.com/errata/RHSA-2015-1894.html

www.debian.org/security/2015/dsa-3338

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securityfocus.com/bid/76440

www.securitytracker.com/id/1033318

www.ubuntu.com/usn/USN-2720-1

www.djangoproject.com/weblog/2015/aug/18/security-releases/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for NVD:CVE-2015-5964

debiancve1 cvelist1 prion1 cve1 github1 ubuntucve1 osv2 nessus7 openvas6 mageia1 securityvulns2 debian2 freebsd1 redhat3 ubuntu1 fedora2 altlinux2