Debian DLA-301-1 : python-django security update
denial of service possibility in logout view by filling session store Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view provided it wasn't decorated with django.contrib.auth.decorators.login_required as done in the admin. This could allow a...
[SECURITY] [DLA 301-1] python-django security update
Package: python-django; Version: 1.2.3-3+squeeze14; CVE ID: CVE-2015-5963 CVE-2015-5964. Denial-of-service possibility in logout view by filling session store: Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view provided it wasn't decorated wi...
Django: possible DoS by filling session store
A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store...
Moderate: Red Hat Security Advisory: python-django security update
Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
PYSEC-2015-23
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cachedb.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session stor...
CVE-2015-5964
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cachedb.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session stor...
USN-2720-1: Django vulnerability
Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service...
USN-2720-1 python-django vulnerability
Lin Hua Cheng discovered that Django incorrectly handled the session store. A remote attacker could use this issue to cause the session store to fill up, resulting in a denial of service...
CVE-2015-5963
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to...
UBUNTU-CVE-2015-5964
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cachedb.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session stor...
django -- multiple vulnerabilities
Tim Graham reports: Denial-of-service possibility in logout view by filling session store. Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view provided it wasn't decorated with django.contrib.auth.decorators.login_required as done in the admin...
PT-2015-1974 · Django Software Foundation +2 · Django +2
Name of the Vulnerable Software and Affected Versions: Django versions 1.4.x through 1.4.21; Django versions 1.7.x through 1.7.9; Django versions 1.8.x through 1.8.3. Description: The issue is related to a resource management error in the contrib.sessions.middleware.SessionMiddleware component of th...
CVE-2015-5143
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys...
CVE-2013-3374
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."...
Design/Logic Flaw
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."...
Debian DSA-2670-1 : request-tracker3.8 - several vulnerabilities
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-3368: The rt command line tool uses semi-predictable temporary files. A malicious user can...
PT-2008-6579 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 2.x through 2.0.0.18; Mozilla Firefox versions 3.x through 3.0.4. Description: The issue allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct...