REDHAT-BUG-1252890
First published: Wed Aug 12 2015(Updated: )
Following issue was reported in Django: Previously, a session could be created when anonymously accessing the ``django.contrib.auth.views.logout`` view (provided it wasn't decorated with ``django.contrib.auth.decorators.login_required`` as done in the admin). This could allow an attacker to easily create many new session records by sending repeated requests, potentially filling up the session store or causing other users' session records to be evicted.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Django |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1061941
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1061941&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1061942
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1061942&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1061943
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1061943&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1061944
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1061944&action=edit
- https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1260506
- https://rhn.redhat.com/errata/RHSA-2015-1766.html
- https://rhn.redhat.com/errata/RHSA-2015-1767.html
- https://access.redhat.com/errata/RHSA-2015:1876
- https://rhn.redhat.com/errata/RHSA-2015-1894.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1252890
Frequently Asked Questions
What is the vulnerability ID REDHAT-BUG-1252890 about?
The vulnerability ID REDHAT-BUG-1252890 pertains to Django allowing session creation through an unauthenticated access to the logout view, potentially enabling unauthorized actions.
What is the severity of vulnerability REDHAT-BUG-1252890?
The severity of vulnerability REDHAT-BUG-1252890 is rated as medium, due to its potential impact on session management.
How can I fix vulnerability REDHAT-BUG-1252890?
To fix vulnerability REDHAT-BUG-1252890, ensure that the logout view is properly protected with the 'login_required' decorator.
Which versions of Django are affected by REDHAT-BUG-1252890?
The exact versions of Django affected by REDHAT-BUG-1252890 are not specified, but any version utilizing the vulnerable logout view without necessary protections is at risk.
Is vulnerability REDHAT-BUG-1252890 being actively exploited?
There is no specific information available indicating that vulnerability REDHAT-BUG-1252890 is under active exploitation at this time.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5963
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/django
- canonical/django