Description

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

Remediation

References

CVE-2015-5143

Related Vulnerabilities

Magento Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-34254)

GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3250)

WordPress Plugin Email newsletter 'option' Parameter Information Disclosure (8.0)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more PHAR Deserialization (2.9.8.5)

Moodle Incorrect Authorization Vulnerability (CVE-2021-40692)

Severity

High

Classification

CVE-2015-5143

Tags

Missing Update Known Vulnerabilities