Vulnerabilities > CVE-2015-5143 - Resource Management Errors vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201510-06.NASL description The remote host is affected by the vulnerability described in GLSA-201510-06 (Django: Multiple vulnerabilities) Multiple vulnerabilities have been found in Django: Session backends create a new record anytime request.session was accessed (CVE-2015-5143) Built-in validators in Django do not properly sanitize input (CVE-2015-5144) URL validation included a regular expression that was extremely slow (CVE-2015-5145) Impact : A remote attacker may be able cause a Denial of Service condition, inject arbitrary headers, and conduct HTTP response splitting attacks. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 86691 published 2015-11-02 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86691 title GLSA-201510-06 : Django: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201510-06. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(86691); script_version("$Revision: 2.1 $"); script_cvs_date("$Date: 2015/11/02 14:33:25 $"); script_cve_id("CVE-2015-5143", "CVE-2015-5144", "CVE-2015-5145"); script_xref(name:"GLSA", value:"201510-06"); script_name(english:"GLSA-201510-06 : Django: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201510-06 (Django: Multiple vulnerabilities) Multiple vulnerabilities have been found in Django: Session backends create a new record anytime request.session was accessed (CVE-2015-5143) Built-in validators in Django do not properly sanitize input (CVE-2015-5144) URL validation included a regular expression that was extremely slow (CVE-2015-5145) Impact : A remote attacker may be able cause a Denial of Service condition, inject arbitrary headers, and conduct HTTP response splitting attacks. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201510-06" ); script_set_attribute( attribute:"solution", value: "All Django 1.8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-python/django-1.8.3' All Django 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-python/django-1.7.9' All Django 1.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-python/django-1.4.21'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:django"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2015/10/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-python/django", unaffected:make_list("ge 1.8.3", "rge 1.7.9", "rge 1.4.21"), vulnerable:make_list("lt 1.8.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Django"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-272.NASL description Several vulnerabilities were discovered in Django, a high-level Python web development framework : CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack. CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in the request cookie. This could allow remote attackers to saturate the session store or cause other users last seen 2020-03-17 modified 2015-07-17 plugin id 84812 published 2015-07-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84812 title Debian DLA-272-1 : python-django security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-272-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(84812); script_version("2.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-2317", "CVE-2015-5143", "CVE-2015-5144"); script_bugtraq_id(73319, 75665, 75666); script_name(english:"Debian DLA-272-1 : python-django security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities were discovered in Django, a high-level Python web development framework : CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to perform a cross-site scripting attack. CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in the request cookie. This could allow remote attackers to saturate the session store or cause other users' session records to be evicted. CVE-2015-5144 Sjoerd Job Postmus discovered that some built-in validators did not properly reject newlines in input values. This could allow remote attackers to inject headers in emails and HTTP responses. For the oldoldstable distribution (squeeze), these problems have been fixed in version 1.2.3-3+squeeze13. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/07/msg00010.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/python-django" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected python-django, and python-django-doc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-django"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-django-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"python-django", reference:"1.2.3-3+squeeze13")) flag++; if (deb_check(release:"6.0", prefix:"python-django-doc", reference:"1.2.3-3+squeeze13")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-674.NASL description python-django was updated to fix two security issues. These security issues were fixed : - CVE-2015-5144: Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 used an incorrect regular expression, which allowed remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator (bsc#937523). - CVE-2015-5143: The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allowed remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys (bsc#937522). last seen 2020-06-05 modified 2015-10-23 plugin id 86555 published 2015-10-23 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86555 title openSUSE Security Update : python-django (openSUSE-2015-674) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3305.NASL description Several vulnerabilities were discovered in Django, a high-level Python web development framework : - CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in the request cookie. This could allow remote attackers to saturate the session store or cause other users last seen 2020-06-01 modified 2020-06-02 plugin id 84626 published 2015-07-09 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84626 title Debian DSA-3305-1 : python-django - security update NASL family Fedora Local Security Checks NASL id FEDORA_2015-11403.NASL description update to 1.8.3 fixing 3 CVE Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-24 plugin id 84968 published 2015-07-24 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84968 title Fedora 22 : python-django-1.8.3-1.fc22 (2015-11403) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-677.NASL description python-django was updated to fix two security issues. These security issues were fixed : - CVE-2015-5144: Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 used an incorrect regular expression, which allowed remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator (bsc#937523). - CVE-2015-5143: The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allowed remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys (bsc#937522). last seen 2020-06-05 modified 2015-10-26 plugin id 86594 published 2015-10-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86594 title openSUSE Security Update : python-Django (openSUSE-2015-677) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_37ED8E9C265111E586FF14DAE9D210B8.NASL description Tim Graham reports : In accordance with our security release policy, the Django team is issuing multiple releases -- Django 1.4.21, 1.7.9, and 1.8.3. These releases are now available on PyPI and our download page. These releases address several security issues detailed below. We encourage all users of Django to upgrade as soon as possible. The Django master branch has also been updated. last seen 2020-06-01 modified 2020-06-02 plugin id 84652 published 2015-07-13 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84652 title FreeBSD : django -- multiple vulnerabilities (37ed8e9c-2651-11e5-86ff-14dae9d210b8) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2671-1.NASL description Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of service. (CVE-2015-5143) Sjoerd Job Postmus discovered that DJango incorrectly handled newline characters when performing validation. A remote attacker could use this issue to perform header injection attacks. (CVE-2015-5144). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84665 published 2015-07-13 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84665 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : python-django vulnerabilities (USN-2671-1) NASL family Fedora Local Security Checks NASL id FEDORA_2015-1DD5BC998F.NASL description rebase to 1.8.6 (rhbz#1276914) ---- rebase to 1.8.5 (rhbz#1276914) ---- python-django-1.8.4-1.fc23 - Do not install bash completion for python executables (Ville Skytta, rhbz#1253076) - CVE-2015-5963 Denial-of-service possibility in logout() view by filling session store (rhbz#1254911) - CVE-2015-5964 Denial-of-service possibility in logout() view by filling session store (rhbz#1252891) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89168 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89168 title Fedora 23 : python-django-1.8.6-1.fc23 (2015-1dd5bc998f)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- http://www.ubuntu.com/usn/USN-2671-1
- http://www.debian.org/security/2015/dsa-3305
- https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.securityfocus.com/bid/75666
- https://security.gentoo.org/glsa/201510-06
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
- http://rhn.redhat.com/errata/RHSA-2015-1686.html
- http://rhn.redhat.com/errata/RHSA-2015-1678.html
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
- http://www.securitytracker.com/id/1032820