Moderate severity · NVD Advisory · Published Aug 24, 2015 · Updated Jun 17, 2026
CVE-2015-5964
Description
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 1.7, < 1.7.10 | 1.7.10 |
| Django (PyPI) | >= 1.4, < 1.4.22 | 1.4.22 |
Affected products
- cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta3:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:beta4:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.7:rc3:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8:beta1:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
References
- www.djangoproject.com/weblog/2015/aug/18/security-releases/ (nvd: Patch, Vendor Advisory)
- www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (nvd: Third Party Advisory, WEB)
- www.ubuntu.com/usn/USN-2720-1 (nvd: Third Party Advisory, WEB)
- github.com/advisories/GHSA-x38m-486c-2wr9 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-5964 (ghsa: ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html (nvd: WEB)
- rhn.redhat.com/errata/RHSA-2015-1766.html (nvd: WEB)
- rhn.redhat.com/errata/RHSA-2015-1767.html (nvd: WEB)
- rhn.redhat.com/errata/RHSA-2015-1894.html (nvd: WEB)
- www.debian.org/security/2015/dsa-3338 (nvd: WEB)
- github.com/django/django/commit/2f5485346ee6f84b4e52068c04e043092daf55f7 (ghsa: WEB)
- github.com/django/django/commit/575f59f9bc7c59a5e41a081d1f5f55fc859c5012 (ghsa: WEB)
- github.com/django/django/commit/8cc41ce7a7a8f6bebfdd89d5ab276cd0109f4fc5 (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-23.yaml (ghsa: WEB)
- web.archive.org/web/20150906124157/http://www.securityfocus.com/bid/76440 (ghsa: WEB)
- web.archive.org/web/20150923161048/http://www.securitytracker.com/id/1033318 (ghsa: WEB)
- web.archive.org/web/20200228051814/http://www.securityfocus.com/bid/76440 (ghsa: WEB)
- www.djangoproject.com/weblog/2015/aug/18/security-releases (ghsa: WEB)
- www.securityfocus.com/bid/76440 (nvd)
- www.securitytracker.com/id/1033318 (nvd)