CVE-2015-5963

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2015-5963

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2015-5963.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2015-5963

Aliases

Downstream

DEBIAN-CVE-2015-5963

DLA-301-1

DSA-3338-1

RHSA-2015:1766

RHSA-2015:1767

RHSA-2015:1876

RHSA-2015:1894

SUSE-SU-2015:1810-1

SUSE-SU-2015:1815-1

SUSE-SU-2016:0044-1

UBUNTU-CVE-2015-5963

USN-2720-1

openSUSE-SU-2023:0077-1

openSUSE-SU-2024:10066-1

openSUSE-SU-2024:11205-1

openSUSE-SU-2024:13887-1

openSUSE-SU-2024:14208-1

Related

Withdrawn

2026-01-27T04:13:59.337212Z

Published

2015-08-24T14:59:08Z

Modified

2026-01-27T04:13:59.337212Z

Summary

[none]

Details

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

References

Affected packages