SB2015070909 - Fedora 22 update for python-django

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015070909

SB2015070909 - Fedora 22 update for python-django

Published: July 9, 2015 Updated: April 24, 2025

Security Bulletin ID SB2015070909
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2015-5143)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.


2) Input validation error (CVE-ID: CVE-2015-5144)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.


3) Resource management error (CVE-ID: CVE-2015-5145)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.


Remediation

Install update from vendor's website.

References