Search for vulnerabilities
Vulnerability details: VCID-482k-kc8y-aaas
Vulnerability ID VCID-482k-kc8y-aaas
Aliases CVE-2015-5143
GHSA-h582-2pch-3xv3
PYSEC-2015-20
Summary The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-399 Resource Management Errors
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-400 Uncontrolled Resource Consumption
CWE-770 Allocation of Resources Without Limits or Throttling
System Score Found at
cvssv3.1 7.5 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
generic_textual HIGH http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
generic_textual HIGH http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5143.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2015-1678.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-1678.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2015-1686.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-1686.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1678
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1686
epss 0.01938 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.04798 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.04798 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.04798 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.04869 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.04869 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.04869 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.04869 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.04869 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.13527 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15013 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15013 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15097 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15661 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
epss 0.15813 https://api.first.org/data/v1/epss?cve=CVE-2015-5143
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1239010
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5143
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5144
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-h582-2pch-3xv3
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 7.5 https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
generic_textual HIGH https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
cvssv3.1 7.5 https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
generic_textual HIGH https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
cvssv3.1 7.5 https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
generic_textual HIGH https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
cvssv3.1 7.5 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2015-5143
cvssv3.1 7.5 https://security.gentoo.org/glsa/201510-06
generic_textual HIGH https://security.gentoo.org/glsa/201510-06
generic_textual Medium https://ubuntu.com/security/notices/USN-2671-1
cvssv3.1 7.5 https://www.djangoproject.com/weblog/2015/jul/08/security-releases
generic_textual HIGH https://www.djangoproject.com/weblog/2015/jul/08/security-releases
generic_textual Medium https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
cvssv3.1 7.5 http://www.debian.org/security/2015/dsa-3305
generic_textual HIGH http://www.debian.org/security/2015/dsa-3305
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
generic_textual HIGH http://www.securityfocus.com/bid/75666
generic_textual HIGH http://www.securitytracker.com/id/1032820
cvssv3.1 7.5 http://www.ubuntu.com/usn/USN-2671-1
generic_textual HIGH http://www.ubuntu.com/usn/USN-2671-1
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5143.html
http://rhn.redhat.com/errata/RHSA-2015-1678.html
http://rhn.redhat.com/errata/RHSA-2015-1686.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5143.json
https://api.first.org/data/v1/epss?cve=CVE-2015-5143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5144
https://github.com/django/django
https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
https://security.gentoo.org/glsa/201510-06
https://ubuntu.com/security/notices/USN-2671-1
https://www.djangoproject.com/weblog/2015/jul/08/security-releases
https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
http://www.debian.org/security/2015/dsa-3305
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/75666
http://www.securitytracker.com/id/1032820
http://www.ubuntu.com/usn/USN-2671-1
1239010 https://bugzilla.redhat.com/show_bug.cgi?id=1239010
cpe:2.3:a:djangoproject:django:1.4.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.4.20:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.11:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.12:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5:alpha:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5:alpha:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.5:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.5:beta:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6:-:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6:beta1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6:beta2:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6:beta3:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.6:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.6:beta4:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7:beta1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7:beta2:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7:beta3:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7:beta4:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7:rc1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7:rc2:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.7:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
CVE-2015-5143 https://nvd.nist.gov/vuln/detail/CVE-2015-5143
GHSA-h582-2pch-3xv3 https://github.com/advisories/GHSA-h582-2pch-3xv3
RHSA-2015:1678 https://access.redhat.com/errata/RHSA-2015:1678
RHSA-2015:1686 https://access.redhat.com/errata/RHSA-2015:1686
USN-2671-1 https://usn.ubuntu.com/2671-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://rhn.redhat.com/errata/RHSA-2015-1678.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://rhn.redhat.com/errata/RHSA-2015-1686.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2015-20.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2015-5143
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/201510-06
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.djangoproject.com/weblog/2015/jul/08/security-releases
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.debian.org/security/2015/dsa-3305
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.ubuntu.com/usn/USN-2671-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.72472
EPSS Score 0.01938
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.