Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-5143

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

Related bugs and status

CVE-2015-5143 (Candidate) is related to these bugs:

Bug #1459628: Another Horizon login page vulnerability to a DoS attack

		In	Importance	Status
1459628	Another Horizon login page vulnerability to a DoS attack	Mirantis OpenStack	High	Fix Released
1459628	Another Horizon login page vulnerability to a DoS attack	Mirantis OpenStack 7.0.x	Critical	Fix Released
1459628	Another Horizon login page vulnerability to a DoS attack	Mirantis OpenStack 6.1.x	High	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.djangoproj...
DEBIAN: DSA-3305
UBUNTU: USN-2671-1
CONFIRM: http://www.oracle.com/...
BID: 75666
FEDORA: FEDORA-2015-1dd5bc998f
GENTOO: GLSA-201510-06
REDHAT: RHSA-2015:1678
REDHAT: RHSA-2015:1686
SUSE: openSUSE-SU-2015:1802
SUSE: openSUSE-SU-2015:1813
SECTRACK: 1032820