The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x prior to 1.7.10, 1.4.x prior to 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote malicious users to cause a denial of service (session store consumption) via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
djangoproject django 1.8 |
||
djangoproject django 1.8.0 |
||
djangoproject django 1.7 |
||
djangoproject django 1.7.6 |
||
djangoproject django 1.7.7 |
||
djangoproject django 1.4.12 |
||
djangoproject django 1.4.13 |
||
djangoproject django 1.4.14 |
||
djangoproject django 1.4.5 |
||
djangoproject django 1.4.6 |
||
djangoproject django 1.7.4 |
||
djangoproject django 1.7.5 |
||
djangoproject django 1.4.10 |
||
djangoproject django 1.4.11 |
||
djangoproject django 1.4.21 |
||
djangoproject django 1.4.4 |
||
djangoproject django 1.7.2 |
||
djangoproject django 1.7.3 |
||
djangoproject django 1.4 |
||
djangoproject django 1.4.1 |
||
djangoproject django 1.4.2 |
||
djangoproject django 1.4.20 |
||
djangoproject django 1.4.9 |
||
djangoproject django 1.8.1 |
||
djangoproject django 1.8.2 |
||
djangoproject django 1.8.3 |
||
djangoproject django 1.7.1 |
||
djangoproject django 1.7.8 |
||
djangoproject django 1.7.9 |
||
djangoproject django 1.4.17 |
||
djangoproject django 1.4.19 |
||
djangoproject django 1.4.7 |
||
djangoproject django 1.4.8 |
||
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.04 |
||
oracle solaris 11.3 |