High severity · NVD Advisory · Published Jul 14, 2015 · Updated Jun 17, 2026
CVE-2015-5143
Description
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | < 1.4.21 | 1.4.21 |
| Django (PyPI) | >= 1.5, < 1.7.9 | 1.7.9 |
| Django (PyPI) | >= 1.8, < 1.8.3 | 1.8.3 |
Affected products
- cpe:2.3:a:djangoproject:django:1.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.5:beta:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6:-:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6:beta3:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.6:beta4:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta3:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta4:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:rc3:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
GHSA package coordinates (4 versions)
- pkg:pypi/django
- pkg:rpm/suse/python-Django&distro=SUSE%20Enterprise%20Storage%201.0
- pkg:rpm/suse/python-Django&distro=SUSE%20Enterprise%20Storage%202
- pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%205
Version ranges
- (no CPE) range: < 1.4.21
- (no CPE) range: < 1.6.11-8.1
- (no CPE) range: < 1.6.11-3.1
- (no CPE) range: < 1.6.11-10.2
References
- www.djangoproject.com/weblog/2015/jul/08/security-releases/ (nvd; Patch; Vendor Advisory)
- www.debian.org/security/2015/dsa-3305 (nvd; Third Party Advisory; WEB)
- www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (nvd; Third Party Advisory; WEB)
- www.ubuntu.com/usn/USN-2671-1 (nvd; Third Party Advisory; WEB)
- github.com/advisories/GHSA-h582-2pch-3xv3 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-5143 (ghsa; ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html (nvd; WEB)
- lists.opensuse.org/opensuse-updates/2015-10/msg00043.html (nvd; WEB)
- lists.opensuse.org/opensuse-updates/2015-10/msg00046.html (nvd; WEB)
- rhn.redhat.com/errata/RHSA-2015-1678.html (nvd; WEB)
- rhn.redhat.com/errata/RHSA-2015-1686.html (nvd; WEB)
- github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663 (ghsa; WEB)
- github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9 (ghsa; WEB)
- github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16 (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml (ghsa; WEB)
- security.gentoo.org/glsa/201510-06 (nvd; WEB)
- www.djangoproject.com/weblog/2015/jul/08/security-releases (ghsa; WEB)
- www.securityfocus.com/bid/75666 (nvd)
- www.securitytracker.com/id/1032820 (nvd)