5 matches found
SUSE CVE-2015-3982
The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...
Fedora Update for python-django FEDORA-2015-11403
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for python-django FEDORA-2015-8691
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-3982
CVE-2015-3982 affects Django (1.8.x) with the session flush in the cached_db backend: flushing the session can set an empty string as the session key, allowing remote attackers to hijack user sessions. The vulnerability is fixed starting with Django 1.8.2 and related security updates. Affected co...
Fedora 22 : python-django-1.8.2-1.fc22 (2015-8691)
fix CVE-2015-3982 - Fixed session flushing in the cacheddb backend Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...