1. Home
  2. CVE Database
  3. CVE-2015-5143
HIGH · 7.8

CVE-2015-5143

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multi...

Vulnerability Description

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C
Confidentiality
NONE
Integrity
NONE
Availability
COMPLETE

Affected Products

VendorProductVersions
DjangoprojectDjango1.4.20
DebianDebian Linux7.0
OracleSolaris11.3
CanonicalUbuntu Linux12.04

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2015-5143?

CVE-2015-5143 is a vulnerability with a CVSS score of 7.8 (HIGH). The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multi...

How severe is CVE-2015-5143?

CVE-2015-5143 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5143?

Check the references section above for vendor advisories and patch information. Affected products include: Djangoproject Django, Debian Debian Linux, Oracle Solaris, Canonical Ubuntu Linux.