CVE-2015-5963 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-5963 Interim 1 23 2025-11-05T04:45:07Z current 2021-05-30T13:32:43Z 2025-11-05T04:45:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-5963 contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2015-October/001643.html E-Mail link for SUSE-SU-2015:1810-1 https://lists.suse.com/pipermail/sle-security-updates/2015-October/001644.html E-Mail link for SUSE-SU-2015:1815-1 https://lists.suse.com/pipermail/sle-security-updates/2016-January/001786.html E-Mail link for SUSE-SU-2016:0044-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OGS4NP24275NERRPQV6A6EONV6W3C2SK/ E-Mail link for openSUSE-SU-2023:0077-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 1.0 SUSE Enterprise Storage 2 SUSE OpenStack Cloud 5 SUSE OpenStack Cloud 6 SUSE Package Hub 12 SP1 openSUSE Tumbleweed python-Django-1.11.15-2.1 python-Django-1.6.11-10.2 python-Django-1.6.11-3.1 python-Django-1.6.11-8.1 python-Django-1.8.9-1.1 python-Django-1.9.12-1.1 python310-Django-4.2.11-2.1 python310-Django4-4.2.14-1.1 python311-Django-4.2.11-2.1 python311-Django4-4.2.14-1.1 python312-Django-4.2.11-2.1 python312-Django4-4.2.14-1.1 python36-Django-3.2.7-2.3 python38-Django-3.2.7-2.3 python39-Django-3.2.7-2.3 python-Django-1.6.11-8.1 as a component of SUSE Enterprise Storage 1.0 python-Django-1.6.11-3.1 as a component of SUSE Enterprise Storage 2 python-Django-1.6.11-10.2 as a component of SUSE OpenStack Cloud 5 python-Django-1.8.9-1.1 as a component of SUSE OpenStack Cloud 6 python-Django-1.11.15-2.1 as a component of SUSE Package Hub 12 SP1 python-Django-1.9.12-1.1 as a component of openSUSE Tumbleweed python310-Django-4.2.11-2.1 as a component of openSUSE Tumbleweed python310-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python311-Django-4.2.11-2.1 as a component of openSUSE Tumbleweed python311-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python312-Django-4.2.11-2.1 as a component of openSUSE Tumbleweed python312-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python36-Django-3.2.7-2.3 as a component of openSUSE Tumbleweed python38-Django-3.2.7-2.3 as a component of openSUSE Tumbleweed python39-Django-3.2.7-2.3 as a component of openSUSE Tumbleweed contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. CVE-2015-5963 SUSE Enterprise Storage 1.0:python-Django-1.6.11-8.1 SUSE Enterprise Storage 2:python-Django-1.6.11-3.1 SUSE OpenStack Cloud 5:python-Django-1.6.11-10.2 SUSE OpenStack Cloud 6:python-Django-1.8.9-1.1 SUSE Package Hub 12 SP1:python-Django-1.11.15-2.1 openSUSE Tumbleweed:python-Django-1.9.12-1.1 openSUSE Tumbleweed:python310-Django-4.2.11-2.1 openSUSE Tumbleweed:python310-Django4-4.2.14-1.1 openSUSE Tumbleweed:python311-Django-4.2.11-2.1 openSUSE Tumbleweed:python311-Django4-4.2.14-1.1 openSUSE Tumbleweed:python312-Django-4.2.11-2.1 openSUSE Tumbleweed:python312-Django4-4.2.14-1.1 openSUSE Tumbleweed:python36-Django-3.2.7-2.3 openSUSE Tumbleweed:python38-Django-3.2.7-2.3 openSUSE Tumbleweed:python39-Django-3.2.7-2.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P