7 matches found

Github Security Blog
added 2022/05/17 12:36 a.m., 31 views

Django denial of service via empty session record creation

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to...

CVSS 5 | AI score 6.8 | EPSS 0.05163
Exploits 0 | References 21 | Affected Software 1

Prion
added 2015/07/14 5:59 p.m., 17 views

Design/Logic Flaw

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors...

CVSS 7.8 | AI score 7 | EPSS 0.02975
Exploits 0 | References 4 | Affected Software 1

NVD
added 2015/06/02 2:59 p.m., 29 views

CVE-2015-3982

The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...

CVSS 5 | AI score 6.4 | EPSS 0.01748
Exploits 0 | References 2

Prion
added 2015/06/02 2:59 p.m., 19 views

Design/Logic Flaw

The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...

CVSS 5 | AI score 7 | EPSS 0.01748
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2015/06/02 2:0 p.m., 27 views

CVE-2015-3982

The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...

CVSS 5 | AI score 6.3 | EPSS 0.01748
Exploits 0

UbuntuCve
added 2015/05/20 12:0 a.m., 29 views

CVE-2015-3982

The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...

CVSS 5 | AI score 6.8 | EPSS 0.01748
Exploits 0 | References 2

Tenable Nessus
added 2015/03/30 12:0 a.m., 40 views

Mandriva Linux Security Advisory : python-django (MDVSA-2015:109)

Updated python-django packages fix security vulnerabilities: Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django...

CVSS 5 | AI score 5.7 | EPSS 0.06783
Exploits 4 | References 9