Description

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

Remediation

References

CVE-2015-5143

Related Vulnerabilities

MySQL CVE-2013-0389 Vulnerability (CVE-2013-0389)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.8.6)

WordPress Plugin Social Like Box and Page by WpDevArt Unspecified Vulnerability (0.8.39)

Microsoft SQL Server Other Vulnerability (CVE-2002-0056)

Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-23969)

Severity

High

Classification

CVE-2015-5143

Tags

Missing Update Known Vulnerabilities