78 matches found
CVE-2019-3783
The CVE-2019-3783 entry affects Cloud Foundry Stratos prior to 2.3.0, where a public default session store secret can be brute-forced to hijack another user’s Stratos session and act on their behalf. Root cause: use of a public default session secret in deployed Stratos instances. Impact: attacke...
CVE-2019-3783 Cloud Foundry Stratos Deploys With Public Default Session Store Secret
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
CVE-2019-3783
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
CVE-2019-3783
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
Default configuration
Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user...
Denial Of Service (DoS) Session Store Consumption Or Session Record Removal
Django is vulnerable to denial of service through session store consumption or session record removal. This is caused in contrib.sessions.middleware.SessionMiddleware when a large number of requests are made to contrib.auth.views.logout, triggering the creation of empty session records, using up...
Denial Of Service (DoS) Session Store Consumption
Django is vulnerable to denial of service through session store consumption. This vulnerable is caused by sessions backends creating new empty records in the session storage when request.session is accessed when a session key provided didn't match a current session record. This allows malicious...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.loginrequired. A remote attacker could use this flaw to fill up the...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions...
Mageia: Security Advisory (MGASA-2015-0327)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.loginrequired. A remote attacker could use this flaw to fill up the...
The vulnerability of the Django web application framework, which allows a hacker to trigger a denial-of-service attack
The vulnerability of the contrib.sessions.backends.base.SessionBase.flush and cachedb.SessionStore.flush functions in the Django web framework is related to resource management errors. Exploiting this vulnerability may allow a malicious actor, operating remotely, to cause service interruptions...
Moderate: Red Hat Security Advisory: python-django security update
Updated python-django packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.loginrequired. A remote attacker could use this flaw to fill up the...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.loginrequired. A remote attacker could use this flaw to fill up the...
MGASA-2015-0327 Updated python-django and python-django14 packages fix security vulnerabilities
Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service...
Updated python-django and python-django14 packages fix security vulnerabilities
Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service...
Debian DLA-301-1 : python-django security update
denial of service possibility in logout view by filling session store Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view provided it wasn't decorated with django.contrib.auth.decorators.loginrequired as done in the admin. This could allow a...