CVSS2: 7.8 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.135 Low (Percentile: 95.6%)

Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don’t Repeat Yourself) principle.

A flaw was found in the Django session backend, which could allow an
unauthenticated attacker to create session records in the configured
session store, causing a denial of service by filling up the session store.
(CVE-2015-5143)

Red Hat would like to thank the upstream Django project for reporting
this issue.

All python-django users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | python-django-doc | < 1.6.11-2.el7ost | python-django-doc-1.6.11-2.el7ost.noarch.rpm |
RedHat | 6 | noarch | python-django | < 1.6.11-1.el6ost | python-django-1.6.11-1.el6ost.noarch.rpm |
RedHat | 6 | src | python-django | < 1.6.11-1.el6ost | python-django-1.6.11-1.el6ost.src.rpm |
RedHat | 6 | noarch | python-django-doc | < 1.6.11-1.el6ost | python-django-doc-1.6.11-1.el6ost.noarch.rpm |
RedHat | 7 | noarch | python-django-bash-completion | < 1.6.11-2.el7ost | python-django-bash-completion-1.6.11-2.el7ost.noarch.rpm |
RedHat | 7 | noarch | python-django | < 1.6.11-2.el7ost | python-django-1.6.11-2.el7ost.noarch.rpm |
RedHat | 6 | noarch | python-django-bash-completion | < 1.6.11-1.el6ost | python-django-bash-completion-1.6.11-1.el6ost.noarch.rpm |