{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-18T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-22T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2015-1dd5bc998f", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"}, {"name": "RHSA-2015:1894", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html"}, {"name": "DSA-3338", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3338"}, {"name": "1033318", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033318"}, {"name": "RHSA-2015:1767", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html"}, {"name": "USN-2720-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2720-1"}, {"name": "RHSA-2015:1766", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html"}, {"name": "76440", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76440"}, {"tags": ["x_refsource_MISC"], "url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5964", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2015-1dd5bc998f", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"}, {"name": "RHSA-2015:1894", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html"}, {"name": "DSA-3338", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3338"}, {"name": "1033318", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033318"}, {"name": "RHSA-2015:1767", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html"}, {"name": "USN-2720-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2720-1"}, {"name": "RHSA-2015:1766", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html"}, {"name": "76440", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76440"}, {"name": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/", "refsource": "MISC", "url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:06:34.982Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2015-1dd5bc998f", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"}, {"name": "RHSA-2015:1894", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html"}, {"name": "DSA-3338", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3338"}, {"name": "1033318", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033318"}, {"name": "RHSA-2015:1767", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html"}, {"name": "USN-2720-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2720-1"}, {"name": "RHSA-2015:1766", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html"}, {"name": "76440", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76440"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5964", "datePublished": "2015-08-24T14:00:00", "dateReserved": "2015-08-07T00:00:00", "dateUpdated": "2024-08-06T07:06:34.982Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A79FF7F-8F92-4FEB-96CC-6B15D0CE920D", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "13EF02D4-406C-4146-9B8F-FAC906E7B6E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC462CE5-1BE0-41E0-A28D-291350F021AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4166ADA9-D5B4-47D6-BD93-C98841108275", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "080D43D0-C0FF-4F89-910C-D466943816C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "E04AE832-9059-42AB-AD39-D01E7A633615", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "693EEF6B-810B-4684-9AB5-1BDC95DFA4CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "C9EF4268-0DB7-4150-B8E7-53C6D7F02E04", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "C571F85F-9F49-48B6-9AD9-16CD81655F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "41F0F1FA-E3EC-421C-9F72-11FC857F6F72", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "D4031E5F-B5D6-4E7D-96FC-A4ACF9C306A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B1577DD-B40E-404B-8E55-3A93AB8A8F62", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "10CE2864-1EF6-4197-9D1F-051497F1CC5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "ED485DA4-0614-4788-B278-5F1F43F5A579", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "1C3B4B46-383E-498C-8EFD-8C3FB1F494B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "1E1359DE-835F-4748-95F4-D2990DBF6A8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "DE466393-EE2B-44AD-8C69-D4C34A773FFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "B3C103B6-2FB6-4BF5-B88C-A68DEBABBBCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:beta1:*:*:*:*:*:*", "matchCriteriaId": "BB1EF6D7-0AF4-4146-BA37-961F7048C1C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:beta2:*:*:*:*:*:*", "matchCriteriaId": "5E4CCE84-425C-4B9C-98B7-D858B64B3418", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:beta3:*:*:*:*:*:*", "matchCriteriaId": "B6B77FCE-F26A-41CB-8D72-E9EF0E352288", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:beta4:*:*:*:*:*:*", "matchCriteriaId": "985884FE-AEB9-4D93-806E-ADFCC576FF99", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "D81EE1B4-9CB4-4776-A7CE-44B023C67CA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "81798B3D-A000-40D5-A369-C9A0BEF79A5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7:rc3:*:*:*:*:*:*", "matchCriteriaId": "32DDDBEB-6F2F-4BA9-876D-38D41BA29726", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "06513AE1-11E4-4A9C-BDA4-D0511A9DCFC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6004EA17-A2B4-4E4C-A738-210FCAC2CA32", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "61680046-51CD-4217-AC1E-C11265205DB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "4320AE65-B4A7-4CC3-8BE0-6CD4FFBC24C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "18E5B08A-E6FC-440C-A2F8-1D8B727D55E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "6DAD077F-A239-4021-890E-AD4D9D9A388D", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "B2DCD8E1-EF0F-4878-8952-E0F729A524C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "B3CB49AF-2A89-4277-B2E9-67803A395A23", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "8086E8D8-25AD-4F63-BFB2-4AA3FA25484D", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.8:beta1:*:*:*:*:*:*", "matchCriteriaId": "DC23A3EC-942C-4B8D-A3D1-AC7C6526BF1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "02D3C0FF-C342-40F1-A187-CD212C16FE8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2510BAD7-1FB6-4F6F-A2CC-9DE9AD39B4FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1B388C7-ED4E-4416-969F-32263E7D7AA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "63D36984-4C8E-4CDB-8D15-445705FCECF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad en las funciones (1) contrib.sessions.backends.base.SessionBase.flush y (2) cache_db.SessionStore.flush en Django 1.7.x en versiones anteriores a 1.7.10, 1.4.x en versiones anteriores a 1.4.22 y posiblemente en otras versiones, crea sesiones vac\u00edas en ciertas circunstancias, que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de almac\u00e9n de sesi\u00f3n) a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-5964", "lastModified": "2016-12-24T02:59:31.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-24T14:59:09.837", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3338"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76440"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1033318"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2720-1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank upstream Django project for reporting this issue. Upstream acknowledges Lin Hua Cheng as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:1766", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "python-django-0:1.6.11-3.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-09-10T00:00:00Z"}, {"advisory": "RHSA-2015:1767", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "python-django-0:1.6.11-3.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-09-10T00:00:00Z"}, {"advisory": "RHSA-2015:1894", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "python-django-0:1.6.11-3.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-10-15T00:00:00Z"}], "bugzilla": {"description": "python-django: Denial-of-service possibility in logout() view by filling session store", "id": "1252891", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252891"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-770", "details": ["The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.", "It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions."], "name": "CVE-2015-5964", "package_state": [{"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Not affected", "package_name": "python-django", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}], "public_date": "2015-08-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5964\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5964"], "threat_severity": "Moderate"}